From e4f0f91ebdafaa3d9e073ee90f2aea5692ec5045 Mon Sep 17 00:00:00 2001 
From: smitsohu Date: Tue, 20 Dec 2022 01:04:13 +0100 Subject: add restrict-namespaces to (almost) all profiles --- etc/profile-m-z/Maelstrom.profile | 2 ++ etc/profile-m-z/Mathematica.profile | 2 ++ etc/profile-m-z/PCSX2.profile | 2 ++ etc/profile-m-z/QMediathekView.profile | 1 + etc/profile-m-z/QOwnNotes.profile | 1 + etc/profile-m-z/Viber.profile | 2 ++ etc/profile-m-z/XMind.profile | 1 + etc/profile-m-z/Xephyr.profile | 2 ++ etc/profile-m-z/Xvfb.profile | 2 ++ etc/profile-m-z/ZeGrapher.profile | 2 ++ etc/profile-m-z/macrofusion.profile | 2 ++ etc/profile-m-z/magicor.profile | 2 ++ etc/profile-m-z/makepkg.profile | 1 + etc/profile-m-z/man.profile | 1 + etc/profile-m-z/manaplus.profile | 2 ++ etc/profile-m-z/marker.profile | 2 ++ etc/profile-m-z/masterpdfeditor.profile | 1 + etc/profile-m-z/mate-calc.profile | 1 + etc/profile-m-z/mate-color-select.profile | 1 + etc/profile-m-z/mate-dictionary.profile | 1 + etc/profile-m-z/mcabber.profile | 2 ++ etc/profile-m-z/mcomix.profile | 1 + etc/profile-m-z/mdr.profile | 1 + etc/profile-m-z/mediainfo.profile | 1 + etc/profile-m-z/mediathekview.profile | 1 + etc/profile-m-z/megaglest.profile | 2 ++ etc/profile-m-z/meld.profile | 1 + etc/profile-m-z/mendeleydesktop.profile | 2 ++ etc/profile-m-z/menulibre.profile | 1 + etc/profile-m-z/meteo-qt.profile | 1 + etc/profile-m-z/midori.profile | 2 ++ etc/profile-m-z/mindless.profile | 1 + etc/profile-m-z/minecraft-launcher.profile | 2 ++ etc/profile-m-z/minetest.profile | 2 ++ etc/profile-m-z/minitube.profile | 2 ++ etc/profile-m-z/mirage.profile | 2 ++ etc/profile-m-z/mirrormagic.profile | 2 ++ etc/profile-m-z/mocp.profile | 1 + etc/profile-m-z/mousepad.profile | 2 ++ etc/profile-m-z/mp3splt-gtk.profile | 2 ++ etc/profile-m-z/mp3splt.profile | 5 +++-- etc/profile-m-z/mpDris2.profile | 1 + etc/profile-m-z/mpd.profile | 1 + etc/profile-m-z/mpg123.profile | 1 + etc/profile-m-z/mplayer.profile | 2 ++ etc/profile-m-z/mpsyt.profile | 1 + etc/profile-m-z/mpv.profile | 2 ++ 
etc/profile-m-z/mrrescue.profile | 2 ++ etc/profile-m-z/ms-office.profile | 2 ++ etc/profile-m-z/mtpaint.profile | 2 ++ etc/profile-m-z/multimc5.profile | 1 + etc/profile-m-z/mumble.profile | 1 + etc/profile-m-z/mupdf.profile | 1 + etc/profile-m-z/mupen64plus.profile | 2 ++ etc/profile-m-z/musescore.profile | 2 ++ etc/profile-m-z/musictube.profile | 2 ++ etc/profile-m-z/musixmatch.profile | 1 + etc/profile-m-z/mutt.profile | 1 + etc/profile-m-z/mypaint.profile | 2 ++ etc/profile-m-z/nano.profile | 1 + etc/profile-m-z/natron.profile | 2 ++ etc/profile-m-z/ncdu.profile | 1 + etc/profile-m-z/neochat.profile | 2 ++ etc/profile-m-z/neomutt.profile | 1 + etc/profile-m-z/netactview.profile | 1 + etc/profile-m-z/nethack-vultures.profile | 2 ++ etc/profile-m-z/nethack.profile | 1 + etc/profile-m-z/netsurf.profile | 2 ++ etc/profile-m-z/neverball.profile | 2 ++ etc/profile-m-z/newsboat.profile | 1 + etc/profile-m-z/newsflash.profile | 2 ++ etc/profile-m-z/nextcloud.profile | 2 ++ etc/profile-m-z/nheko.profile | 2 ++ etc/profile-m-z/nicotine.profile | 2 ++ etc/profile-m-z/nitroshare.profile | 1 + etc/profile-m-z/nodejs-common.profile | 1 + etc/profile-m-z/nomacs.profile | 2 ++ etc/profile-m-z/notify-send.profile | 1 + etc/profile-m-z/nslookup.profile | 1 + etc/profile-m-z/nvim.profile | 1 + etc/profile-m-z/nylas.profile | 2 ++ etc/profile-m-z/nyx.profile | 2 ++ etc/profile-m-z/obs.profile | 1 + etc/profile-m-z/ocenaudio.profile | 2 ++ etc/profile-m-z/odt2txt.profile | 1 + etc/profile-m-z/okular.profile | 1 + etc/profile-m-z/onboard.profile | 2 ++ etc/profile-m-z/onionshare-gui.profile | 1 + etc/profile-m-z/open-invaders.profile | 2 ++ etc/profile-m-z/openarena.profile | 2 ++ etc/profile-m-z/openbox.profile | 1 + etc/profile-m-z/opencity.profile | 2 ++ etc/profile-m-z/openclonk.profile | 2 ++ etc/profile-m-z/openmw.profile | 2 ++ etc/profile-m-z/openshot.profile | 2 ++ etc/profile-m-z/openstego.profile | 2 ++ etc/profile-m-z/openttd.profile | 2 ++ etc/profile-m-z/orage.profile 
| 1 + etc/profile-m-z/ostrichriders.profile | 2 ++ etc/profile-m-z/otter-browser.profile | 2 ++ etc/profile-m-z/palemoon.profile | 3 +++ etc/profile-m-z/pandoc.profile | 1 + etc/profile-m-z/parole.profile | 2 ++ etc/profile-m-z/patch.profile | 1 + etc/profile-m-z/pavucontrol.profile | 1 + etc/profile-m-z/pcsxr.profile | 2 ++ etc/profile-m-z/pdfchain.profile | 1 + etc/profile-m-z/pdfmod.profile | 2 ++ etc/profile-m-z/pdfsam.profile | 2 ++ etc/profile-m-z/pdftotext.profile | 2 ++ etc/profile-m-z/peek.profile | 1 + etc/profile-m-z/penguin-command.profile | 2 ++ etc/profile-m-z/photoflare.profile | 2 ++ etc/profile-m-z/picard.profile | 1 + etc/profile-m-z/pidgin.profile | 2 ++ etc/profile-m-z/pinball.profile | 2 ++ etc/profile-m-z/ping-hardened.inc.profile | 1 + etc/profile-m-z/ping.profile | 1 + etc/profile-m-z/pingus.profile | 2 ++ etc/profile-m-z/pinta.profile | 2 ++ etc/profile-m-z/pioneer.profile | 2 ++ etc/profile-m-z/pithos.profile | 1 + etc/profile-m-z/pitivi.profile | 1 + etc/profile-m-z/pix.profile | 2 ++ etc/profile-m-z/pkglog.profile | 1 + etc/profile-m-z/pluma.profile | 1 + etc/profile-m-z/plv.profile | 1 + etc/profile-m-z/pngquant.profile | 1 + etc/profile-m-z/polari.profile | 1 + etc/profile-m-z/ppsspp.profile | 2 ++ etc/profile-m-z/pragha.profile | 1 + etc/profile-m-z/profanity.profile | 1 + etc/profile-m-z/psi-plus.profile | 2 ++ etc/profile-m-z/psi.profile | 2 ++ etc/profile-m-z/pybitmessage.profile | 1 + etc/profile-m-z/qbittorrent.profile | 1 + etc/profile-m-z/qcomicbook.profile | 1 + etc/profile-m-z/qemu-launcher.profile | 1 + etc/profile-m-z/qemu-system-x86_64.profile | 1 + etc/profile-m-z/qgis.profile | 2 ++ etc/profile-m-z/qlipper.profile | 1 + etc/profile-m-z/qmmp.profile | 2 ++ etc/profile-m-z/qnapi.profile | 2 ++ etc/profile-m-z/qpdfview.profile | 2 ++ etc/profile-m-z/qrencode.profile | 1 + etc/profile-m-z/qtox.profile | 1 + etc/profile-m-z/quassel.profile | 2 ++ etc/profile-m-z/quaternion.profile | 2 ++ etc/profile-m-z/quiterss.profile | 1 + 
etc/profile-m-z/quodlibet.profile | 2 ++ etc/profile-m-z/qutebrowser.profile | 4 +++- etc/profile-m-z/raincat.profile | 1 + etc/profile-m-z/rambox.profile | 4 +++- etc/profile-m-z/redeclipse.profile | 2 ++ etc/profile-m-z/rednotebook.profile | 2 ++ etc/profile-m-z/redshift.profile | 1 + etc/profile-m-z/regextester.profile | 1 + etc/profile-m-z/remmina.profile | 1 + etc/profile-m-z/retroarch.profile | 2 ++ etc/profile-m-z/rhythmbox.profile | 2 ++ etc/profile-m-z/ricochet.profile | 1 + etc/profile-m-z/ripperx.profile | 2 ++ etc/profile-m-z/ristretto.profile | 1 + etc/profile-m-z/rpcs3.profile | 2 ++ etc/profile-m-z/rsync-download_only.profile | 1 + etc/profile-m-z/rtin.profile | 1 + etc/profile-m-z/rtorrent.profile | 2 ++ etc/profile-m-z/rtv.profile | 2 ++ etc/profile-m-z/sayonara.profile | 1 + etc/profile-m-z/scallion.profile | 2 ++ etc/profile-m-z/scorched3d.profile | 2 ++ etc/profile-m-z/scorchwentbonkers.profile | 2 ++ etc/profile-m-z/scribus.profile | 2 ++ etc/profile-m-z/sdat2img.profile | 2 ++ etc/profile-m-z/seafile-applet.profile | 2 ++ etc/profile-m-z/seahorse-adventures.profile | 2 ++ etc/profile-m-z/seahorse.profile | 2 ++ etc/profile-m-z/seamonkey.profile | 2 ++ etc/profile-m-z/server.profile | 8 ++++---- etc/profile-m-z/servo.profile | 2 ++ etc/profile-m-z/shellcheck.profile | 2 ++ etc/profile-m-z/shortwave.profile | 2 ++ etc/profile-m-z/shotcut.profile | 2 ++ etc/profile-m-z/shotwell.profile | 2 ++ etc/profile-m-z/signal-cli.profile | 2 ++ etc/profile-m-z/silentarmy.profile | 1 + etc/profile-m-z/simple-scan.profile | 2 ++ etc/profile-m-z/simplescreenrecorder.profile | 2 ++ etc/profile-m-z/simutrans.profile | 2 ++ etc/profile-m-z/skanlite.profile | 2 ++ etc/profile-m-z/slashem.profile | 1 + etc/profile-m-z/smplayer.profile | 2 ++ etc/profile-m-z/smtube.profile | 1 + etc/profile-m-z/smuxi-frontend-gnome.profile | 2 ++ etc/profile-m-z/softmaker-common.profile | 2 ++ etc/profile-m-z/sol.profile | 1 + etc/profile-m-z/songrec.profile | 2 ++ 
etc/profile-m-z/sound-juicer.profile | 2 ++ etc/profile-m-z/soundconverter.profile | 1 + etc/profile-m-z/spectacle.profile | 2 ++ etc/profile-m-z/spectral.profile | 2 ++ etc/profile-m-z/spectre-meltdown-checker.profile | 1 + etc/profile-m-z/spotify.profile | 2 ++ etc/profile-m-z/sqlitebrowser.profile | 1 + etc/profile-m-z/ssh-agent.profile | 2 ++ etc/profile-m-z/ssh.profile | 1 + etc/profile-m-z/standardnotes-desktop.profile | 2 ++ etc/profile-m-z/steam.profile | 5 +++-- etc/profile-m-z/stellarium.profile | 1 + etc/profile-m-z/strawberry.profile | 2 ++ etc/profile-m-z/strings.profile | 1 + etc/profile-m-z/subdownloader.profile | 1 + etc/profile-m-z/supertux2.profile | 2 ++ etc/profile-m-z/supertuxkart.profile | 2 ++ etc/profile-m-z/surf.profile | 1 + etc/profile-m-z/sushi.profile | 1 + etc/profile-m-z/sway.profile | 2 ++ etc/profile-m-z/synfigstudio.profile | 2 ++ etc/profile-m-z/sysprof.profile | 1 + etc/profile-m-z/tcpdump.profile | 1 + etc/profile-m-z/teamspeak3.profile | 1 + etc/profile-m-z/teeworlds.profile | 2 ++ etc/profile-m-z/telegram.profile | 2 ++ etc/profile-m-z/telnet.profile | 1 + etc/profile-m-z/terasology.profile | 2 ++ etc/profile-m-z/tilp.profile | 1 + etc/profile-m-z/tin.profile | 1 + etc/profile-m-z/tmux.profile | 2 ++ etc/profile-m-z/tor.profile | 2 ++ etc/profile-m-z/torbrowser-launcher.profile | 2 ++ etc/profile-m-z/torcs.profile | 2 ++ etc/profile-m-z/totem.profile | 2 ++ etc/profile-m-z/tracker.profile | 2 ++ etc/profile-m-z/transgui.profile | 1 + etc/profile-m-z/transmission-common.profile | 1 + etc/profile-m-z/tremulous.profile | 2 ++ etc/profile-m-z/trojita.profile | 1 + etc/profile-m-z/truecraft.profile | 1 + etc/profile-m-z/tuxguitar.profile | 2 ++ etc/profile-m-z/tvbrowser.profile | 2 ++ etc/profile-m-z/udiskie.profile | 2 ++ etc/profile-m-z/uefitool.profile | 2 ++ etc/profile-m-z/uget-gtk.profile | 2 ++ etc/profile-m-z/unbound.profile | 1 + etc/profile-m-z/unf.profile | 1 + etc/profile-m-z/unknown-horizons.profile | 1 + 
etc/profile-m-z/utox.profile | 1 + etc/profile-m-z/uudeview.profile | 2 ++ etc/profile-m-z/uzbl-browser.profile | 2 ++ etc/profile-m-z/viewnior.profile | 1 + etc/profile-m-z/viking.profile | 1 + etc/profile-m-z/vim.profile | 2 ++ etc/profile-m-z/vlc.profile | 2 ++ etc/profile-m-z/vmware-view.profile | 2 ++ etc/profile-m-z/vym.profile | 1 + etc/profile-m-z/w3m.profile | 1 + etc/profile-m-z/warmux.profile | 2 ++ etc/profile-m-z/warsow.profile | 2 ++ etc/profile-m-z/warzone2100.profile | 2 ++ etc/profile-m-z/webstorm.profile | 2 ++ etc/profile-m-z/webui-aria2.profile | 2 ++ etc/profile-m-z/weechat.profile | 2 ++ etc/profile-m-z/wesnoth.profile | 2 ++ etc/profile-m-z/wget.profile | 1 + etc/profile-m-z/whois.profile | 1 + etc/profile-m-z/widelands.profile | 2 ++ etc/profile-m-z/wine.profile | 2 ++ etc/profile-m-z/wireshark.profile | 2 ++ etc/profile-m-z/wordwarvi.profile | 2 ++ etc/profile-m-z/wps.profile | 2 ++ etc/profile-m-z/x-terminal-emulator.profile | 1 + etc/profile-m-z/x2goclient.profile | 1 + etc/profile-m-z/xbill.profile | 1 + etc/profile-m-z/xcalc.profile | 2 ++ etc/profile-m-z/xchat.profile | 2 ++ etc/profile-m-z/xed.profile | 1 + etc/profile-m-z/xfburn.profile | 2 ++ etc/profile-m-z/xfce4-dict.profile | 1 + etc/profile-m-z/xfce4-mixer.profile | 1 + etc/profile-m-z/xfce4-notes.profile | 1 + etc/profile-m-z/xfce4-screenshooter.profile | 1 + etc/profile-m-z/xiphos.profile | 2 ++ etc/profile-m-z/xmms.profile | 2 ++ etc/profile-m-z/xmr-stak.profile | 1 + etc/profile-m-z/xonotic.profile | 1 + etc/profile-m-z/xournal.profile | 2 ++ etc/profile-m-z/xpdf.profile | 1 + etc/profile-m-z/xplayer.profile | 2 ++ etc/profile-m-z/xpra.profile | 2 ++ etc/profile-m-z/xreader.profile | 1 + etc/profile-m-z/xviewer.profile | 1 + etc/profile-m-z/yelp.profile | 2 ++ etc/profile-m-z/youtube-dl-gui.profile | 2 ++ etc/profile-m-z/youtube-dl.profile | 1 + etc/profile-m-z/youtube-viewers-common.profile | 2 ++ etc/profile-m-z/zaproxy.profile | 1 + etc/profile-m-z/zart.profile | 2 ++ 
etc/profile-m-z/zathura.profile | 1 + etc/profile-m-z/zeal.profile | 1 + etc/profile-m-z/zim.profile | 2 ++ etc/profile-m-z/zulip.profile | 2 ++ 301 files changed, 480 insertions(+), 10 deletions(-) (limited to 'etc/profile-m-z') diff --git a/etc/profile-m-z/Maelstrom.profile b/etc/profile-m-z/Maelstrom.profile index 930d49db2..23b44dbf5 100644 --- a/etc/profile-m-z/Maelstrom.profile +++ b/etc/profile-m-z/Maelstrom.profile @@ -43,3 +43,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/Mathematica.profile b/etc/profile-m-z/Mathematica.profile index 6286f066e..08283bd33 100644 --- a/etc/profile-m-z/Mathematica.profile +++ b/etc/profile-m-z/Mathematica.profile @@ -27,3 +27,5 @@ nonewprivs noroot notv seccomp + +restrict-namespaces diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile index cc52f053f..902fc9a6a 100644 --- a/etc/profile-m-z/PCSX2.profile +++ b/etc/profile-m-z/PCSX2.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile index cf597c215..1e9af5769 100644 --- a/etc/profile-m-z/QMediathekView.profile +++ b/etc/profile-m-z/QMediathekView.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile index 6bf69d055..6140de60f 100644 --- a/etc/profile-m-z/QOwnNotes.profile +++ b/etc/profile-m-z/QOwnNotes.profile @@ -52,3 +52,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile index e13337b7c..2ea185ec0 100644 --- a/etc/profile-m-z/Viber.profile 
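Review bot: The `#restrict-namespaces` line added at the end of Maelstrom.profile is committed disabled with no reason given, and the same happens in the PCSX2, Viber, multimc5, musescore, musixmatch, nethack-vultures and nethack hunks. Other disabled options in this tree carry their reason inline, as in the QMediathekView context line `#memory-deny-write-execute - breaks on Arch (see issue #1803)`. Without a reason nobody can later tell whether the option was tested and broke the program or was never tried, and in the meantime these sandboxes presumably remain free to create new namespaces. I would write each one as `#restrict-namespaces - <what breaks> (see issue #<ISSUE-ID>)` and settle on one spelling, since the hunks mix `#restrict-namespaces` and `# restrict-namespaces`.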
+++ b/etc/profile-m-z/Viber.profile @@ -34,3 +34,5 @@ disable-mnt private-bin awk,bash,dig,sh,Viber private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11 private-tmp + +# restrict-namespaces diff --git a/etc/profile-m-z/XMind.profile b/etc/profile-m-z/XMind.profile index 53cecd4b1..97b9d2898 100644 --- a/etc/profile-m-z/XMind.profile +++ b/etc/profile-m-z/XMind.profile @@ -35,3 +35,4 @@ private-bin cp,sh,XMind private-tmp private-dev +restrict-namespaces diff --git a/etc/profile-m-z/Xephyr.profile b/etc/profile-m-z/Xephyr.profile index bda639232..2fc1d1b8a 100644 --- a/etc/profile-m-z/Xephyr.profile +++ b/etc/profile-m-z/Xephyr.profile @@ -40,3 +40,5 @@ private private-dev # private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf #private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile index 223370f30..8bf79f554 100644 --- a/etc/profile-m-z/Xvfb.profile +++ b/etc/profile-m-z/Xvfb.profile @@ -44,3 +44,5 @@ private private-dev private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,nsswitch.conf,resolv.conf private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/ZeGrapher.profile b/etc/profile-m-z/ZeGrapher.profile index 89024f976..6ddc24bf6 100644 --- a/etc/profile-m-z/ZeGrapher.profile +++ b/etc/profile-m-z/ZeGrapher.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/macrofusion.profile b/etc/profile-m-z/macrofusion.profile index e8fba41c3..24158d062 100644 --- a/etc/profile-m-z/macrofusion.profile +++ b/etc/profile-m-z/macrofusion.profile @@ -42,3 +42,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile index 76fc6e6da..e5d994b57 100644 --- a/etc/profile-m-z/magicor.profile +++ b/etc/profile-m-z/magicor.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile index 4ec6ef82e..e9d245a6d 100644 --- a/etc/profile-m-z/makepkg.profile +++ b/etc/profile-m-z/makepkg.profile @@ -58,3 +58,4 @@ private-cache private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile index b8d221dc3..0e3f9e6e2 100644 --- a/etc/profile-m-z/man.profile +++ b/etc/profile-m-z/man.profile @@ -65,3 +65,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} #read-only /tmp # breaks mandoc (see #4927) +restrict-namespaces diff --git a/etc/profile-m-z/manaplus.profile b/etc/profile-m-z/manaplus.profile index ede669c08..5ee4d0cb5 100644 --- a/etc/profile-m-z/manaplus.profile +++ b/etc/profile-m-z/manaplus.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile index fe0077f3d..7066f4229 100644 --- a/etc/profile-m-z/marker.profile +++ b/etc/profile-m-z/marker.profile @@ -60,3 +60,5 @@ dbus-user filter dbus-user.own com.github.fabiocolacio.marker dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile index a78927cc5..176506ff2 100644 --- a/etc/profile-m-z/masterpdfeditor.profile +++ b/etc/profile-m-z/masterpdfeditor.profile @@ -38,3 +38,4 @@ private-dev private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile index 00f0bd9a3..e3a5c6ab6 100644 --- a/etc/profile-m-z/mate-calc.profile 
+++ b/etc/profile-m-z/mate-calc.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mate-color-select.profile b/etc/profile-m-z/mate-color-select.profile index a59f5e139..337c2d6e5 100644 --- a/etc/profile-m-z/mate-color-select.profile +++ b/etc/profile-m-z/mate-color-select.profile @@ -38,3 +38,4 @@ private-lib private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile index 3720c824e..e80b220b7 100644 --- a/etc/profile-m-z/mate-dictionary.profile +++ b/etc/profile-m-z/mate-dictionary.profile @@ -42,3 +42,4 @@ private-dev private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile index 1df04c117..1ebe9aaba 100644 --- a/etc/profile-m-z/mcabber.profile +++ b/etc/profile-m-z/mcabber.profile @@ -31,3 +31,5 @@ seccomp private-bin mcabber private-dev private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,ssl + +restrict-namespaces diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile index e654cc16e..a3ff768b7 100644 --- a/etc/profile-m-z/mcomix.profile +++ b/etc/profile-m-z/mcomix.profile @@ -70,3 +70,4 @@ read-write ${HOME}/.local/share/mcomix read-write ${HOME}/.local/share # used by mcomix <= 1.2, tip, make a symbolic link to .cache/thumbnails read-write ${HOME}/.thumbnails +restrict-namespaces diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile index 63b07d474..e1025a1fb 100644 --- a/etc/profile-m-z/mdr.profile +++ b/etc/profile-m-z/mdr.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile index 35d59d439..12d692b72 100644 --- a/etc/profile-m-z/mediainfo.profile +++ b/etc/profile-m-z/mediainfo.profile 
@@ -49,3 +49,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mediathekview.profile b/etc/profile-m-z/mediathekview.profile index f0ef7d010..19ce6fcd1 100644 --- a/etc/profile-m-z/mediathekview.profile +++ b/etc/profile-m-z/mediathekview.profile @@ -51,3 +51,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/megaglest.profile b/etc/profile-m-z/megaglest.profile index a28a66786..73fd65bcd 100644 --- a/etc/profile-m-z/megaglest.profile +++ b/etc/profile-m-z/megaglest.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile index dddc7f977..634694363 100644 --- a/etc/profile-m-z/meld.profile +++ b/etc/profile-m-z/meld.profile @@ -78,3 +78,4 @@ private-dev private-tmp read-only ${HOME}/.ssh +restrict-namespaces diff --git a/etc/profile-m-z/mendeleydesktop.profile b/etc/profile-m-z/mendeleydesktop.profile index 4f9bcea71..f2626b0c1 100644 --- a/etc/profile-m-z/mendeleydesktop.profile +++ b/etc/profile-m-z/mendeleydesktop.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile index 08b155a27..cd4938ec6 100644 --- a/etc/profile-m-z/menulibre.profile +++ b/etc/profile-m-z/menulibre.profile @@ -61,3 +61,4 @@ read-write ${HOME}/.config/menus read-write ${HOME}/.gnome/apps read-write ${HOME}/.local/share/applications read-write ${HOME}/.local/share/flatpak/exports +restrict-namespaces diff --git a/etc/profile-m-z/meteo-qt.profile b/etc/profile-m-z/meteo-qt.profile index 47b4cf8c9..db87b21bc 100644 --- a/etc/profile-m-z/meteo-qt.profile +++ b/etc/profile-m-z/meteo-qt.profile @@ -51,3 +51,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces 
diff --git a/etc/profile-m-z/midori.profile b/etc/profile-m-z/midori.profile index eb037f51b..d1655fabb 100644 --- a/etc/profile-m-z/midori.profile +++ b/etc/profile-m-z/midori.profile @@ -62,3 +62,5 @@ tracelog disable-mnt private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile index 8f1cd0bc6..a26896b19 100644 --- a/etc/profile-m-z/mindless.profile +++ b/etc/profile-m-z/mindless.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile index 22684be39..e6bf86802 100644 --- a/etc/profile-m-z/minecraft-launcher.profile +++ b/etc/profile-m-z/minecraft-launcher.profile @@ -56,3 +56,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile index 3d7ede3dc..15474c96e 100644 --- a/etc/profile-m-z/minetest.profile +++ b/etc/profile-m-z/minetest.profile @@ -61,3 +61,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile index 385edbd7a..ce938c867 100644 --- a/etc/profile-m-z/minitube.profile +++ b/etc/profile-m-z/minitube.profile @@ -58,3 +58,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile index 2b05bbfde..d36c0fc81 100644 --- a/etc/profile-m-z/mirage.profile +++ b/etc/profile-m-z/mirage.profile @@ -58,3 +58,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile index 707ef34e9..34721b4a3 100644 --- a/etc/profile-m-z/mirrormagic.profile +++ b/etc/profile-m-z/mirrormagic.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile index fdaf885bd..46320f8ea 100644 --- a/etc/profile-m-z/mocp.profile +++ b/etc/profile-m-z/mocp.profile @@ -50,3 +50,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} read-write ${HOME}/.moc +restrict-namespaces diff --git a/etc/profile-m-z/mousepad.profile b/etc/profile-m-z/mousepad.profile index e87c82e30..8e597fa99 100644 --- a/etc/profile-m-z/mousepad.profile +++ b/etc/profile-m-z/mousepad.profile @@ -37,3 +37,5 @@ private-bin mousepad private-dev private-lib private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile index 0dd9f7b43..89cee657d 100644 --- a/etc/profile-m-z/mp3splt-gtk.profile +++ b/etc/profile-m-z/mp3splt-gtk.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile index e1b26aaf0..77ad30d0c 100644 --- a/etc/profile-m-z/mp3splt.profile +++ b/etc/profile-m-z/mp3splt.profile @@ -46,7 +46,8 @@ private-dev private-etc alternatives,ld.so.cache,ld.so.preload private-tmp -memory-deny-write-execute - dbus-user none dbus-system none + +memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile index ed8a7eee3..1d875c3c4 100644 --- a/etc/profile-m-z/mpDris2.profile +++ b/etc/profile-m-z/mpDris2.profile @@ -55,3 +55,4 @@ private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/mpd.profile b/etc/profile-m-z/mpd.profile index 604db8105..d1c4bd24f 100644 --- a/etc/profile-m-z/mpd.profile +++ b/etc/profile-m-z/mpd.profile @@ -41,3 +41,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile index d03879836..12650dbc9 100644 --- a/etc/profile-m-z/mpg123.profile 
+++ b/etc/profile-m-z/mpg123.profile @@ -42,3 +42,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mplayer.profile b/etc/profile-m-z/mplayer.profile index ebb4b0e73..7d9ff39ad 100644 --- a/etc/profile-m-z/mplayer.profile +++ b/etc/profile-m-z/mplayer.profile @@ -37,3 +37,5 @@ seccomp private-bin mplayer private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile index 9dcdd34a3..e73e3142c 100644 --- a/etc/profile-m-z/mpsyt.profile +++ b/etc/profile-m-z/mpsyt.profile @@ -68,3 +68,4 @@ private-tmp dbus-user none dbus-system none +restrict-namespaces diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile index 4ea5740c2..c9706999a 100644 --- a/etc/profile-m-z/mpv.profile +++ b/etc/profile-m-z/mpv.profile @@ -86,3 +86,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile index f4d8d7f6a..4f7ae09b9 100644 --- a/etc/profile-m-z/mrrescue.profile +++ b/etc/profile-m-z/mrrescue.profile @@ -56,3 +56,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile index 7eb8efae6..d979e7401 100644 --- a/etc/profile-m-z/ms-office.profile +++ b/etc/profile-m-z/ms-office.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/mtpaint.profile b/etc/profile-m-z/mtpaint.profile index 5467718e2..363c6fe4a 100644 --- a/etc/profile-m-z/mtpaint.profile +++ b/etc/profile-m-z/mtpaint.profile @@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/multimc5.profile b/etc/profile-m-z/multimc5.profile index 283840c17..73107680c 100644 --- a/etc/profile-m-z/multimc5.profile +++ b/etc/profile-m-z/multimc5.profile 
@@ -49,3 +49,4 @@ disable-mnt private-dev private-tmp +# restrict-namespaces diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile index e2530efc7..ef09e6fca 100644 --- a/etc/profile-m-z/mumble.profile +++ b/etc/profile-m-z/mumble.profile @@ -42,3 +42,4 @@ private-bin mumble private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile index 1876dc5ca..954016c2c 100644 --- a/etc/profile-m-z/mupdf.profile +++ b/etc/profile-m-z/mupdf.profile @@ -44,3 +44,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/mupen64plus.profile b/etc/profile-m-z/mupen64plus.profile index 093767c27..f97c6f271 100644 --- a/etc/profile-m-z/mupen64plus.profile +++ b/etc/profile-m-z/mupen64plus.profile @@ -31,3 +31,5 @@ seccomp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/musescore.profile b/etc/profile-m-z/musescore.profile index fa4a37bf8..ca951f70c 100644 --- a/etc/profile-m-z/musescore.profile +++ b/etc/profile-m-z/musescore.profile @@ -39,3 +39,5 @@ tracelog # private-bin musescore,mscore private-tmp + +# restrict-namespaces diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile index 9f83bb428..01b8d20b3 100644 --- a/etc/profile-m-z/musictube.profile +++ b/etc/profile-m-z/musictube.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile index 796d7fbb0..d2032dcf6 100644 --- a/etc/profile-m-z/musixmatch.profile +++ b/etc/profile-m-z/musixmatch.profile @@ -35,3 +35,4 @@ disable-mnt private-dev private-etc alternatives,asound.conf,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,machine-id,pki,pulse,ssl +# restrict-namespaces 
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 6c6341d40..52d30669f 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile @@ -146,3 +146,4 @@ read-only ${HOME}/.elinks read-only ${HOME}/.nanorc read-only ${HOME}/.signature read-only ${HOME}/.w3m +restrict-namespaces diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile index 41519bbb1..18117965e 100644 --- a/etc/profile-m-z/mypaint.profile +++ b/etc/profile-m-z/mypaint.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile index e8cee2538..a20eb3828 100644 --- a/etc/profile-m-z/nano.profile +++ b/etc/profile-m-z/nano.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/natron.profile b/etc/profile-m-z/natron.profile index 2c7e36a35..b979e1aee 100644 --- a/etc/profile-m-z/natron.profile +++ b/etc/profile-m-z/natron.profile @@ -34,3 +34,5 @@ private-bin natron,Natron,NatronRenderer dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/ncdu.profile b/etc/profile-m-z/ncdu.profile index 010f823d0..09687199b 100644 --- a/etc/profile-m-z/ncdu.profile +++ b/etc/profile-m-z/ncdu.profile @@ -35,3 +35,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile index a50fdd072..fde1d4d2c 100644 --- a/etc/profile-m-z/neochat.profile +++ b/etc/profile-m-z/neochat.profile @@ -62,3 +62,5 @@ dbus-user.talk org.freedesktop.Notifications ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher dbus-user.talk org.kde.kwalletd5 dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index 9000b7972..c255a85c9 100644 --- a/etc/profile-m-z/neomutt.profile 
+++ b/etc/profile-m-z/neomutt.profile @@ -129,3 +129,4 @@ read-only ${HOME}/.elinks read-only ${HOME}/.nanorc read-only ${HOME}/.signature read-only ${HOME}/.w3m +restrict-namespaces diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile index 60fc2fa65..4d5265397 100644 --- a/etc/profile-m-z/netactview.profile +++ b/etc/profile-m-z/netactview.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/nethack-vultures.profile b/etc/profile-m-z/nethack-vultures.profile index d130d5b3a..c07bb7107 100644 --- a/etc/profile-m-z/nethack-vultures.profile +++ b/etc/profile-m-z/nethack-vultures.profile @@ -42,3 +42,5 @@ writable-var dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/nethack.profile b/etc/profile-m-z/nethack.profile index 9cb7457e5..a43889349 100644 --- a/etc/profile-m-z/nethack.profile +++ b/etc/profile-m-z/nethack.profile @@ -44,3 +44,4 @@ dbus-user none dbus-system none #memory-deny-write-execute +#restrict-namespaces diff --git a/etc/profile-m-z/netsurf.profile b/etc/profile-m-z/netsurf.profile index 0ddb7bbbe..467ce5829 100644 --- a/etc/profile-m-z/netsurf.profile +++ b/etc/profile-m-z/netsurf.profile @@ -32,3 +32,5 @@ seccomp tracelog disable-mnt + +restrict-namespaces diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile index b9a25b66c..68b0ce2ea 100644 --- a/etc/profile-m-z/neverball.profile +++ b/etc/profile-m-z/neverball.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile index 10f9240b7..b80a0a151 100644 --- a/etc/profile-m-z/newsboat.profile +++ b/etc/profile-m-z/newsboat.profile @@ -59,3 +59,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces 
diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile index 4da14beae..59f16bb10 100644 --- a/etc/profile-m-z/newsflash.profile +++ b/etc/profile-m-z/newsflash.profile @@ -57,3 +57,5 @@ dbus-user none #dbus-user.own com.gitlab.newsflash #dbus-user.talk org.freedesktop.Notifications dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile index 95f9f5d14..c26942c81 100644 --- a/etc/profile-m-z/nextcloud.profile +++ b/etc/profile-m-z/nextcloud.profile @@ -69,3 +69,5 @@ dbus-user filter dbus-user.talk org.freedesktop.secrets ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile index 662584892..4e4c7bfe7 100644 --- a/etc/profile-m-z/nheko.profile +++ b/etc/profile-m-z/nheko.profile @@ -56,3 +56,5 @@ dbus-user.talk org.freedesktop.secrets # Add the next line to your nheko.local to enable notification support. #dbus-user.talk org.freedesktop.Notifications dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/nicotine.profile b/etc/profile-m-z/nicotine.profile index 22c8b1782..568899eea 100644 --- a/etc/profile-m-z/nicotine.profile +++ b/etc/profile-m-z/nicotine.profile @@ -59,3 +59,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile index b4da229c4..cefe9fa79 100644 --- a/etc/profile-m-z/nitroshare.profile +++ b/etc/profile-m-z/nitroshare.profile @@ -49,3 +49,4 @@ private-tmp # dbus-system none # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index 2ba125a02..f185a04ee 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile 
@@ -100,3 +100,4 @@ dbus-system none # Add the next line to your nodejs-common.local if you prefer to disable gatsby telemetry. #env GATSBY_TELEMETRY_DISABLED=1 +restrict-namespaces diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile index 733de1096..ac8336331 100644 --- a/etc/profile-m-z/nomacs.profile +++ b/etc/profile-m-z/nomacs.profile @@ -42,3 +42,5 @@ private-cache private-dev private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,pki,resolv.conf,ssl private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile index 7e9290513..11d6bd795 100644 --- a/etc/profile-m-z/notify-send.profile +++ b/etc/profile-m-z/notify-send.profile @@ -57,3 +57,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile index 160385d70..37d9f593c 100644 --- a/etc/profile-m-z/nslookup.profile +++ b/etc/profile-m-z/nslookup.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/nvim.profile b/etc/profile-m-z/nvim.profile index 1f8334d08..6f415d60a 100644 --- a/etc/profile-m-z/nvim.profile +++ b/etc/profile-m-z/nvim.profile @@ -51,3 +51,4 @@ read-write ${HOME}/.local/share/nvim read-write ${HOME}/.local/state/nvim read-write ${HOME}/.vim read-write ${HOME}/.vimrc +restrict-namespaces diff --git a/etc/profile-m-z/nylas.profile b/etc/profile-m-z/nylas.profile index a86ef478a..8acf09e90 100644 --- a/etc/profile-m-z/nylas.profile +++ b/etc/profile-m-z/nylas.profile @@ -35,3 +35,5 @@ protocol unix,inet,inet6,netlink seccomp private-dev + +restrict-namespaces diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile index f58f4fd1c..4f767f046 100644 --- a/etc/profile-m-z/nyx.profile +++ b/etc/profile-m-z/nyx.profile 
@@ -51,3 +51,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/obs.profile b/etc/profile-m-z/obs.profile index 91abdc032..82e7a4137 100644 --- a/etc/profile-m-z/obs.profile +++ b/etc/profile-m-z/obs.profile @@ -40,3 +40,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile index 0ce3aa088..87c665cba 100644 --- a/etc/profile-m-z/ocenaudio.profile +++ b/etc/profile-m-z/ocenaudio.profile @@ -59,3 +59,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile index 38751aa25..25da2139f 100644 --- a/etc/profile-m-z/odt2txt.profile +++ b/etc/profile-m-z/odt2txt.profile @@ -44,3 +44,4 @@ dbus-user none dbus-system none read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile index 265ed1490..568b6566e 100644 --- a/etc/profile-m-z/okular.profile +++ b/etc/profile-m-z/okular.profile @@ -69,4 +69,5 @@ private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,mach # memory-deny-write-execute +restrict-namespaces join-or-start okular diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile index e9d6ac028..913b499d3 100644 --- a/etc/profile-m-z/onboard.profile +++ b/etc/profile-m-z/onboard.profile @@ -53,3 +53,5 @@ private-etc alternatives,dbus-1,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.pr private-tmp dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/onionshare-gui.profile b/etc/profile-m-z/onionshare-gui.profile index db923056a..47ac9fc05 100644 --- a/etc/profile-m-z/onionshare-gui.profile +++ b/etc/profile-m-z/onionshare-gui.profile @@ -65,3 +65,4 @@ dbus-user.talk org.freedesktop.secrets dbus-system none memory-deny-write-execute +restrict-namespaces 
diff --git a/etc/profile-m-z/open-invaders.profile b/etc/profile-m-z/open-invaders.profile index 730ed271d..f6b070ab3 100644 --- a/etc/profile-m-z/open-invaders.profile +++ b/etc/profile-m-z/open-invaders.profile @@ -39,3 +39,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile index 87366547f..053f54b48 100644 --- a/etc/profile-m-z/openarena.profile +++ b/etc/profile-m-z/openarena.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openbox.profile b/etc/profile-m-z/openbox.profile index b49fd9932..6a256593c 100644 --- a/etc/profile-m-z/openbox.profile +++ b/etc/profile-m-z/openbox.profile @@ -18,3 +18,4 @@ seccomp read-only ${HOME}/.config/openbox/autostart read-only ${HOME}/.config/openbox/environment +restrict-namespaces diff --git a/etc/profile-m-z/opencity.profile b/etc/profile-m-z/opencity.profile index 3001a355d..a7d147ec9 100644 --- a/etc/profile-m-z/opencity.profile +++ b/etc/profile-m-z/opencity.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openclonk.profile b/etc/profile-m-z/openclonk.profile index 5f05480d8..3449ac686 100644 --- a/etc/profile-m-z/openclonk.profile +++ b/etc/profile-m-z/openclonk.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile index 8fe18f12b..be97552ab 100644 --- a/etc/profile-m-z/openmw.profile +++ b/etc/profile-m-z/openmw.profile @@ -58,3 +58,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openshot.profile b/etc/profile-m-z/openshot.profile index e867eccc3..0082be581 100644 --- a/etc/profile-m-z/openshot.profile +++ b/etc/profile-m-z/openshot.profile 
@@ -46,3 +46,5 @@ private-tmp dbus-user filter dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openstego.profile b/etc/profile-m-z/openstego.profile index 05b1d222d..fd8f70531 100644 --- a/etc/profile-m-z/openstego.profile +++ b/etc/profile-m-z/openstego.profile @@ -55,3 +55,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openttd.profile b/etc/profile-m-z/openttd.profile index 19ba69b14..6e5c09eda 100644 --- a/etc/profile-m-z/openttd.profile +++ b/etc/profile-m-z/openttd.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/orage.profile b/etc/profile-m-z/orage.profile index 250e07004..fa16c05e2 100644 --- a/etc/profile-m-z/orage.profile +++ b/etc/profile-m-z/orage.profile @@ -36,3 +36,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/ostrichriders.profile b/etc/profile-m-z/ostrichriders.profile index a2c3e7d1d..f12838b72 100644 --- a/etc/profile-m-z/ostrichriders.profile +++ b/etc/profile-m-z/ostrichriders.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile index 7af611cc4..028c6fe90 100644 --- a/etc/profile-m-z/otter-browser.profile +++ b/etc/profile-m-z/otter-browser.profile @@ -56,3 +56,5 @@ private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts private-tmp dbus-system none + +# restrict-namespaces diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile index acb2ce176..24701b657 100644 --- a/etc/profile-m-z/palemoon.profile +++ b/etc/profile-m-z/palemoon.profile @@ -22,5 +22,8 @@ ignore seccomp #private-etc palemoon #private-opt palemoon +restrict-namespaces +ignore restrict-namespaces + # Redirect include firefox-common.profile 
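Review bot: The otter-browser.profile hunk writes the disabled option as `# restrict-namespaces`, with a space after the hash, while the other disabled entries this commit adds use `#restrict-namespaces`. The commit itself moves the other way elsewhere: the qutebrowser and rambox hunks rewrite `# tracelog` to `#tracelog`. Writing `#restrict-namespaces` here, and in the psi-plus and quassel hunks, would let a single pattern find every profile where the option is still off.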
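Review bot: In the palemoon.profile hunk, `restrict-namespaces` followed directly by `ignore restrict-namespaces` reads as self-cancelling, and nothing on the page says which line wins. Presumably the first line takes effect and the `ignore` only suppresses a later occurrence pulled in through `include firefox-common.profile`, but that depends on ordering and should be confirmed. A short comment above the pair would keep someone from "cleaning up" one of the two lines, for example `# Enable here; the ignore below only affects restrict-namespaces lines from firefox-common.profile`. The profile continues outside the hunk.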
diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile index aac1fc5b6..2610ae67a 100644 --- a/etc/profile-m-z/pandoc.profile +++ b/etc/profile-m-z/pandoc.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile index ca54d7ad4..fb629669a 100644 --- a/etc/profile-m-z/parole.profile +++ b/etc/profile-m-z/parole.profile @@ -27,3 +27,5 @@ seccomp private-bin dbus-launch,parole private-cache private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,pulse,ssl + +restrict-namespaces diff --git a/etc/profile-m-z/patch.profile b/etc/profile-m-z/patch.profile index 573410630..5a0f69f79 100644 --- a/etc/profile-m-z/patch.profile +++ b/etc/profile-m-z/patch.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile index d21157325..88cfd3352 100644 --- a/etc/profile-m-z/pavucontrol.profile +++ b/etc/profile-m-z/pavucontrol.profile @@ -53,3 +53,4 @@ dbus-system none # mdwe is broken under Wayland, but works under Xorg. #memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile index 9a1e7d420..784d82736 100644 --- a/etc/profile-m-z/pcsxr.profile +++ b/etc/profile-m-z/pcsxr.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile index 0441c9e04..2e38dde3b 100644 --- a/etc/profile-m-z/pdfchain.profile +++ b/etc/profile-m-z/pdfchain.profile @@ -40,3 +40,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/pdfmod.profile b/etc/profile-m-z/pdfmod.profile index 463deca4c..81115b2e3 100644 
--- a/etc/profile-m-z/pdfmod.profile +++ b/etc/profile-m-z/pdfmod.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pdfsam.profile b/etc/profile-m-z/pdfsam.profile index 3e56a9c1d..34f8387af 100644 --- a/etc/profile-m-z/pdfsam.profile +++ b/etc/profile-m-z/pdfsam.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile index 482181c86..7ece10835 100644 --- a/etc/profile-m-z/pdftotext.profile +++ b/etc/profile-m-z/pdftotext.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile index 9809a488f..24a1bc979 100644 --- a/etc/profile-m-z/peek.profile +++ b/etc/profile-m-z/peek.profile @@ -59,3 +59,4 @@ dbus-user.talk org.gnome.Shell.Screencast dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/penguin-command.profile b/etc/profile-m-z/penguin-command.profile index e79e5cbc8..c740f5576 100644 --- a/etc/profile-m-z/penguin-command.profile +++ b/etc/profile-m-z/penguin-command.profile @@ -39,3 +39,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile index 9f8e094fb..dcb52c846 100644 --- a/etc/profile-m-z/photoflare.profile +++ b/etc/profile-m-z/photoflare.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/picard.profile b/etc/profile-m-z/picard.profile index 2350f83a2..b007e3ca9 100644 --- a/etc/profile-m-z/picard.profile +++ b/etc/profile-m-z/picard.profile @@ -40,3 +40,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/pidgin.profile b/etc/profile-m-z/pidgin.profile index 904c17e09..2dc49a28d 100644 
--- a/etc/profile-m-z/pidgin.profile +++ b/etc/profile-m-z/pidgin.profile @@ -45,3 +45,5 @@ tracelog private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile index 440ee7800..3664e1469 100644 --- a/etc/profile-m-z/pinball.profile +++ b/etc/profile-m-z/pinball.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/ping-hardened.inc.profile b/etc/profile-m-z/ping-hardened.inc.profile index eda53654a..e3288d2b1 100644 --- a/etc/profile-m-z/ping-hardened.inc.profile +++ b/etc/profile-m-z/ping-hardened.inc.profile @@ -9,3 +9,4 @@ protocol unix,inet,inet6 seccomp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile index dcb2134c7..2a7967de7 100644 --- a/etc/profile-m-z/ping.profile +++ b/etc/profile-m-z/ping.profile @@ -68,3 +68,4 @@ dbus-user none dbus-system none read-only ${HOME} +#restrict-namespaces diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile index 14ac487ab..419dd5d1a 100644 --- a/etc/profile-m-z/pingus.profile +++ b/etc/profile-m-z/pingus.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pinta.profile b/etc/profile-m-z/pinta.profile index d5a1b1141..e084a7933 100644 --- a/etc/profile-m-z/pinta.profile +++ b/etc/profile-m-z/pinta.profile @@ -38,3 +38,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pioneer.profile b/etc/profile-m-z/pioneer.profile index cf79adc6f..dc447def2 100644 --- a/etc/profile-m-z/pioneer.profile +++ b/etc/profile-m-z/pioneer.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pithos.profile b/etc/profile-m-z/pithos.profile index 9db4459e1..714ebd86d 100644 --- a/etc/profile-m-z/pithos.profile 
+++ b/etc/profile-m-z/pithos.profile @@ -40,3 +40,4 @@ private-bin env,pithos,python* private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/pitivi.profile b/etc/profile-m-z/pitivi.profile index 773454c53..5ad20aafc 100644 --- a/etc/profile-m-z/pitivi.profile +++ b/etc/profile-m-z/pitivi.profile @@ -39,3 +39,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/pix.profile b/etc/profile-m-z/pix.profile index fb426681e..49bd8c318 100644 --- a/etc/profile-m-z/pix.profile +++ b/etc/profile-m-z/pix.profile @@ -34,3 +34,5 @@ private-bin pix private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile index 2af311269..88173edca 100644 --- a/etc/profile-m-z/pkglog.profile +++ b/etc/profile-m-z/pkglog.profile @@ -56,3 +56,4 @@ read-only ${HOME} read-only /var/log/apt/history.log read-only /var/log/dnf.rpm.log read-only /var/log/pacman.log +restrict-namespaces diff --git a/etc/profile-m-z/pluma.profile b/etc/profile-m-z/pluma.profile index 0e4a06b44..efcdaa661 100644 --- a/etc/profile-m-z/pluma.profile +++ b/etc/profile-m-z/pluma.profile @@ -48,4 +48,5 @@ private-tmp # dbus-user none # dbus-system none +restrict-namespaces join-or-start pluma diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile index 2140d1a21..62927f9f7 100644 --- a/etc/profile-m-z/plv.profile +++ b/etc/profile-m-z/plv.profile @@ -57,3 +57,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.config/PacmanLogViewer read-only /var/log/pacman.log +restrict-namespaces diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile index ad30c5703..8e2c39b83 100644 --- a/etc/profile-m-z/pngquant.profile +++ b/etc/profile-m-z/pngquant.profile @@ -53,3 +53,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces 
diff --git a/etc/profile-m-z/polari.profile b/etc/profile-m-z/polari.profile index 068fd3412..dd730bf76 100644 --- a/etc/profile-m-z/polari.profile +++ b/etc/profile-m-z/polari.profile @@ -49,3 +49,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile index bf5d9a9c3..58528c372 100644 --- a/etc/profile-m-z/ppsspp.profile +++ b/etc/profile-m-z/ppsspp.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile index 9faa1fcd6..73b377712 100644 --- a/etc/profile-m-z/pragha.profile +++ b/etc/profile-m-z/pragha.profile @@ -35,3 +35,4 @@ private-dev private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile index 13f48b048..ddc6524a5 100644 --- a/etc/profile-m-z/profanity.profile +++ b/etc/profile-m-z/profanity.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/psi-plus.profile b/etc/profile-m-z/psi-plus.profile index 8f8b2fff4..af117c3b5 100644 --- a/etc/profile-m-z/psi-plus.profile +++ b/etc/profile-m-z/psi-plus.profile @@ -42,3 +42,5 @@ seccomp !chroot disable-mnt private-dev private-tmp + +# restrict-namespaces diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile index 943b8d3ac..be06c5d89 100644 --- a/etc/profile-m-z/psi.profile +++ b/etc/profile-m-z/psi.profile @@ -75,3 +75,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile index 358cc36da..ba71ab29d 100644 --- a/etc/profile-m-z/pybitmessage.profile 
+++ b/etc/profile-m-z/pybitmessage.profile @@ -43,3 +43,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,pki,PyBitmessage,PyBitmessage.conf,resolv.conf,selinux,sni-qt.conf,ssl,system-fips,Trolltech.conf,xdg private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile index 2a0f4288f..9605da3ac 100644 --- a/etc/profile-m-z/qbittorrent.profile +++ b/etc/profile-m-z/qbittorrent.profile @@ -63,3 +63,4 @@ dbus-user none dbus-system none # memory-deny-write-execute - problems on Arch, see #1690 on GitHub repo +restrict-namespaces diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile index f24916630..71374a8c8 100644 --- a/etc/profile-m-z/qcomicbook.profile +++ b/etc/profile-m-z/qcomicbook.profile @@ -64,3 +64,4 @@ read-write ${HOME}/.config/PawelStolowski read-write ${HOME}/.local/share/PawelStolowski #to allow ${HOME}/.local/share/recently-used.xbel read-write ${HOME}/.local/share +restrict-namespaces diff --git a/etc/profile-m-z/qemu-launcher.profile b/etc/profile-m-z/qemu-launcher.profile index 034a2b7c1..8484d3705 100644 --- a/etc/profile-m-z/qemu-launcher.profile +++ b/etc/profile-m-z/qemu-launcher.profile @@ -25,3 +25,4 @@ private-cache private-tmp noexec /tmp +restrict-namespaces diff --git a/etc/profile-m-z/qemu-system-x86_64.profile b/etc/profile-m-z/qemu-system-x86_64.profile index e565e0165..495c469f7 100644 --- a/etc/profile-m-z/qemu-system-x86_64.profile +++ b/etc/profile-m-z/qemu-system-x86_64.profile @@ -24,3 +24,4 @@ private-cache private-tmp noexec /tmp +restrict-namespaces diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile index 2f8c42548..d4b71f972 100644 --- a/etc/profile-m-z/qgis.profile +++ b/etc/profile-m-z/qgis.profile @@ -56,3 +56,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-m-z/qlipper.profile b/etc/profile-m-z/qlipper.profile index d0a14b079..f183f6e0e 100644 --- a/etc/profile-m-z/qlipper.profile +++ b/etc/profile-m-z/qlipper.profile @@ -35,3 +35,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/qmmp.profile b/etc/profile-m-z/qmmp.profile index a3fd56186..ecd62a7d1 100644 --- a/etc/profile-m-z/qmmp.profile +++ b/etc/profile-m-z/qmmp.profile @@ -36,3 +36,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile index f6576ae2f..037cc96ec 100644 --- a/etc/profile-m-z/qnapi.profile +++ b/etc/profile-m-z/qnapi.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/qpdfview.profile b/etc/profile-m-z/qpdfview.profile index 17142a47f..4caa0917f 100644 --- a/etc/profile-m-z/qpdfview.profile +++ b/etc/profile-m-z/qpdfview.profile @@ -43,3 +43,5 @@ private-tmp # needs D-Bus when started from a file manager # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile index e7566cbe4..09b70756b 100644 --- a/etc/profile-m-z/qrencode.profile +++ b/etc/profile-m-z/qrencode.profile @@ -54,3 +54,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile index c0d737f00..f95720d71 100644 --- a/etc/profile-m-z/qtox.profile +++ b/etc/profile-m-z/qtox.profile @@ -49,3 +49,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-m-z/quassel.profile b/etc/profile-m-z/quassel.profile index c65089e20..4589c9e4a 100644 --- a/etc/profile-m-z/quassel.profile +++ b/etc/profile-m-z/quassel.profile @@ -24,3 +24,5 @@ seccomp !chroot private-cache private-tmp + +# restrict-namespaces 
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile index 686562646..ad45a26d5 100644 --- a/etc/profile-m-z/quaternion.profile +++ b/etc/profile-m-z/quaternion.profile @@ -51,3 +51,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/quiterss.profile b/etc/profile-m-z/quiterss.profile index 761eb7215..a59f01f85 100644 --- a/etc/profile-m-z/quiterss.profile +++ b/etc/profile-m-z/quiterss.profile @@ -52,3 +52,4 @@ private-bin quiterss private-dev # private-etc alternatives,ca-certificates,crypto-policies,pki,ssl,X11 +restrict-namespaces diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile index 345e85cdf..ea49684e3 100644 --- a/etc/profile-m-z/quodlibet.profile +++ b/etc/profile-m-z/quodlibet.profile @@ -63,3 +63,5 @@ private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf, private-tmp dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile index 3bdfb2cec..b83a0ce2d 100644 --- a/etc/profile-m-z/qutebrowser.profile +++ b/etc/profile-m-z/qutebrowser.profile @@ -48,7 +48,7 @@ notv protocol unix,inet,inet6,netlink # blacklisting of chroot system calls breaks qt webengine seccomp !chroot,!name_to_handle_at -# tracelog +#tracelog disable-mnt private-cache @@ -65,3 +65,5 @@ dbus-user.talk org.freedesktop.Notifications # with the above lines (might depend on the portal implementation). #ignore noroot dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/raincat.profile b/etc/profile-m-z/raincat.profile index 3042d5e3f..e320d82f7 100644 --- a/etc/profile-m-z/raincat.profile +++ b/etc/profile-m-z/raincat.profile @@ -46,3 +46,4 @@ private-tmp dbus-user none dbus-system none +restrict-namespaces diff --git a/etc/profile-m-z/rambox.profile b/etc/profile-m-z/rambox.profile index a14d7862b..38a093337 100644 --- a/etc/profile-m-z/rambox.profile 
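Review bot: The second qutebrowser.profile hunk leaves the option fully off with `#restrict-namespaces`, so a process in this sandbox can still create every namespace type. The option also accepts a list of namespace types. If Qt WebEngine's own sandbox is the reason, as the nearby comment about chroot breaking qt webengine suggests, a partial form such as `restrict-namespaces cgroup,ipc,mnt,time,uts` might still work, though the exact list needs testing against the engine. The psi-plus, quassel and rambox hunks show the same `seccomp !chroot` exception and could be checked the same way.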
+++ b/etc/profile-m-z/rambox.profile @@ -35,4 +35,6 @@ protocol unix,inet,inet6,netlink # electron-based application, needing chroot #seccomp seccomp !chroot -# tracelog +#tracelog + +#restrict-namespaces diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile index e738d8cb3..774b46b28 100644 --- a/etc/profile-m-z/redeclipse.profile +++ b/etc/profile-m-z/redeclipse.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/rednotebook.profile b/etc/profile-m-z/rednotebook.profile index 7ee79d4c5..1295ce00d 100644 --- a/etc/profile-m-z/rednotebook.profile +++ b/etc/profile-m-z/rednotebook.profile @@ -63,3 +63,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/redshift.profile b/etc/profile-m-z/redshift.profile index e5564a532..cfc68a697 100644 --- a/etc/profile-m-z/redshift.profile +++ b/etc/profile-m-z/redshift.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile index 82653c209..571381f57 100644 --- a/etc/profile-m-z/regextester.profile +++ b/etc/profile-m-z/regextester.profile @@ -52,3 +52,4 @@ dbus-system none # never write anything read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/remmina.profile b/etc/profile-m-z/remmina.profile index 79630f09c..208f57710 100644 --- a/etc/profile-m-z/remmina.profile +++ b/etc/profile-m-z/remmina.profile @@ -42,3 +42,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/retroarch.profile b/etc/profile-m-z/retroarch.profile index cb5544f5f..91486dc23 100644 --- a/etc/profile-m-z/retroarch.profile +++ b/etc/profile-m-z/retroarch.profile @@ -51,3 +51,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-m-z/rhythmbox.profile b/etc/profile-m-z/rhythmbox.profile index b4eabf7ee..dccd93429 100644 --- a/etc/profile-m-z/rhythmbox.profile +++ b/etc/profile-m-z/rhythmbox.profile @@ -63,3 +63,5 @@ dbus-user.talk org.freedesktop.Notifications dbus-user.talk org.gnome.SettingsDaemon.MediaKeys dbus-system filter dbus-system.talk org.freedesktop.Avahi + +restrict-namespaces diff --git a/etc/profile-m-z/ricochet.profile b/etc/profile-m-z/ricochet.profile index a05c1f310..d5cb77fff 100644 --- a/etc/profile-m-z/ricochet.profile +++ b/etc/profile-m-z/ricochet.profile @@ -39,3 +39,4 @@ private-bin ricochet,tor private-dev #private-etc alternatives,alternatives,ca-certificates,crypto-policies,fonts,pki,ssl,tor,X11 +restrict-namespaces diff --git a/etc/profile-m-z/ripperx.profile b/etc/profile-m-z/ripperx.profile index 5740fcfc4..33878e999 100644 --- a/etc/profile-m-z/ripperx.profile +++ b/etc/profile-m-z/ripperx.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/ristretto.profile b/etc/profile-m-z/ristretto.profile index 6dcf2121b..4562616d2 100644 --- a/etc/profile-m-z/ristretto.profile +++ b/etc/profile-m-z/ristretto.profile @@ -39,3 +39,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/rpcs3.profile b/etc/profile-m-z/rpcs3.profile index afd9da70a..186e31b46 100644 --- a/etc/profile-m-z/rpcs3.profile +++ b/etc/profile-m-z/rpcs3.profile @@ -59,3 +59,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile index a3cb0122c..91b18678f 100644 --- a/etc/profile-m-z/rsync-download_only.profile +++ b/etc/profile-m-z/rsync-download_only.profile @@ -55,3 +55,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces 
diff --git a/etc/profile-m-z/rtin.profile b/etc/profile-m-z/rtin.profile index cd84ce05e..87aa69bcb 100644 --- a/etc/profile-m-z/rtin.profile +++ b/etc/profile-m-z/rtin.profile @@ -5,4 +5,5 @@ # Persistent local customizations include rtin.local +# Redirect include tin.profile diff --git a/etc/profile-m-z/rtorrent.profile b/etc/profile-m-z/rtorrent.profile index 8c52e3161..a1c735645 100644 --- a/etc/profile-m-z/rtorrent.profile +++ b/etc/profile-m-z/rtorrent.profile @@ -31,3 +31,5 @@ private-bin rtorrent private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile index c4047ebd4..565925e7a 100644 --- a/etc/profile-m-z/rtv.profile +++ b/etc/profile-m-z/rtv.profile @@ -62,3 +62,5 @@ private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,host dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sayonara.profile b/etc/profile-m-z/sayonara.profile index c299dd13a..f7ef54f5c 100644 --- a/etc/profile-m-z/sayonara.profile +++ b/etc/profile-m-z/sayonara.profile @@ -33,3 +33,4 @@ private-bin sayonara private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/scallion.profile b/etc/profile-m-z/scallion.profile index f8f9c681c..8f5c00f4a 100644 --- a/etc/profile-m-z/scallion.profile +++ b/etc/profile-m-z/scallion.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/scorched3d.profile b/etc/profile-m-z/scorched3d.profile index 838286665..a1a0176b9 100644 --- a/etc/profile-m-z/scorched3d.profile +++ b/etc/profile-m-z/scorched3d.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile index 316bad98a..6dfb50c5a 100644 --- a/etc/profile-m-z/scorchwentbonkers.profile +++ b/etc/profile-m-z/scorchwentbonkers.profile 
@@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/scribus.profile b/etc/profile-m-z/scribus.profile index b9d1e59aa..34cf783fe 100644 --- a/etc/profile-m-z/scribus.profile +++ b/etc/profile-m-z/scribus.profile @@ -61,3 +61,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sdat2img.profile b/etc/profile-m-z/sdat2img.profile index a353bc495..c0f9e8aa5 100644 --- a/etc/profile-m-z/sdat2img.profile +++ b/etc/profile-m-z/sdat2img.profile @@ -41,3 +41,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/seafile-applet.profile b/etc/profile-m-z/seafile-applet.profile index 00ae021fd..184a06958 100644 --- a/etc/profile-m-z/seafile-applet.profile +++ b/etc/profile-m-z/seafile-applet.profile @@ -59,3 +59,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile index 45b12f2c8..7ff252ec7 100644 --- a/etc/profile-m-z/seahorse-adventures.profile +++ b/etc/profile-m-z/seahorse-adventures.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile index af7abc1d9..0b7232cc4 100644 --- a/etc/profile-m-z/seahorse.profile +++ b/etc/profile-m-z/seahorse.profile @@ -67,3 +67,5 @@ dbus-user.own org.gnome.seahorse dbus-user.own org.gnome.seahorse.Application dbus-user.talk org.freedesktop.secrets dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile index 5210a594c..c2dbbc2c6 100644 --- a/etc/profile-m-z/seamonkey.profile +++ b/etc/profile-m-z/seamonkey.profile 
@@ -57,3 +57,5 @@ tracelog disable-mnt # private-etc adobe,alternatives,asound.conf,ca-certificates,crypto-policies,firefox,fonts,group,gtk-2.0,hostname,hosts,iceweasel,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl writable-run-user + +restrict-namespaces diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile index 8d8a1dac6..5b71fe6c3 100644 --- a/etc/profile-m-z/server.profile +++ b/etc/profile-m-z/server.profile @@ -83,6 +83,9 @@ private-dev # private-lib # private-opt none private-tmp +# writable-run-user +# writable-var +# writable-var-log dbus-user none # dbus-system none @@ -90,7 +93,4 @@ dbus-user none # deterministic-shutdown # memory-deny-write-execute # read-only ${HOME} -# restrict-namespaces -# writable-run-user -# writable-var -# writable-var-log +restrict-namespaces diff --git a/etc/profile-m-z/servo.profile b/etc/profile-m-z/servo.profile index 6eeba9eb6..65fef339e 100644 --- a/etc/profile-m-z/servo.profile +++ b/etc/profile-m-z/servo.profile @@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/shellcheck.profile b/etc/profile-m-z/shellcheck.profile index 49c4646ed..cf6b37db6 100644 --- a/etc/profile-m-z/shellcheck.profile +++ b/etc/profile-m-z/shellcheck.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile index 22cb272c5..cd2a9f13e 100644 --- a/etc/profile-m-z/shortwave.profile +++ b/etc/profile-m-z/shortwave.profile 
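Review bot: The second server.profile hunk turns `# restrict-namespaces` into an active `restrict-namespaces` at the end of a run of commented-out opt-in lines (`# deterministic-shutdown`, `# memory-deny-write-execute`, `# read-only ${HOME}`), where it is easy to miss that it is now on. This profile is generic, so anything started under it that creates namespaces itself (container tooling or a nested sandbox, as a guess) would presumably start failing after this change. Separating the line with a blank line and adding a comment naming the opt-out would help, e.g. `# Add 'ignore restrict-namespaces' to the .local file if the workload needs to create namespaces`.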
@@ -47,3 +47,5 @@ private-cache private-dev private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl,X11,xdg private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/shotcut.profile b/etc/profile-m-z/shotcut.profile index e2cbce2f5..ec0380ce7 100644 --- a/etc/profile-m-z/shotcut.profile +++ b/etc/profile-m-z/shotcut.profile @@ -35,3 +35,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile index 44898a2e9..d33a97ffc 100644 --- a/etc/profile-m-z/shotwell.profile +++ b/etc/profile-m-z/shotwell.profile @@ -57,3 +57,5 @@ dbus-user.own org.gnome.Shotwell dbus-user.talk ca.desrt.dconf dbus-user.talk org.gtk.vfs.UDisks2VolumeMonitor dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile index b70275d0d..d2b604df5 100644 --- a/etc/profile-m-z/signal-cli.profile +++ b/etc/profile-m-z/signal-cli.profile @@ -48,3 +48,5 @@ private-dev # Does not work with all Java configurations. You will notice immediately, so you might want to give it a try #private-etc alternatives,ca-certificates,crypto-policies,dbus-1,host.conf,hostname,hosts,java-10-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java.conf,machine-id,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/silentarmy.profile b/etc/profile-m-z/silentarmy.profile index 74a51208c..96e4cf283 100644 --- a/etc/profile-m-z/silentarmy.profile +++ b/etc/profile-m-z/silentarmy.profile @@ -37,3 +37,4 @@ private-dev private-opt none private-tmp +restrict-namespaces 
diff --git a/etc/profile-m-z/simple-scan.profile b/etc/profile-m-z/simple-scan.profile index 4d13a3ad3..14846cf58 100644 --- a/etc/profile-m-z/simple-scan.profile +++ b/etc/profile-m-z/simple-scan.profile @@ -38,3 +38,5 @@ tracelog # private-dev # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl # private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/simplescreenrecorder.profile b/etc/profile-m-z/simplescreenrecorder.profile index a68de8f40..6ee9ea6ba 100644 --- a/etc/profile-m-z/simplescreenrecorder.profile +++ b/etc/profile-m-z/simplescreenrecorder.profile @@ -36,3 +36,5 @@ tracelog private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/simutrans.profile b/etc/profile-m-z/simutrans.profile index 733ea6413..6ba735556 100644 --- a/etc/profile-m-z/simutrans.profile +++ b/etc/profile-m-z/simutrans.profile @@ -39,3 +39,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/skanlite.profile b/etc/profile-m-z/skanlite.profile index 1e60fb083..6b73b2289 100644 --- a/etc/profile-m-z/skanlite.profile +++ b/etc/profile-m-z/skanlite.profile @@ -33,3 +33,5 @@ seccomp !ioperm # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/slashem.profile b/etc/profile-m-z/slashem.profile index 8ec692657..3ad182b9e 100644 --- a/etc/profile-m-z/slashem.profile +++ b/etc/profile-m-z/slashem.profile @@ -44,3 +44,4 @@ dbus-user none dbus-system none #memory-deny-write-execute +#restrict-namespaces diff --git a/etc/profile-m-z/smplayer.profile b/etc/profile-m-z/smplayer.profile index 00770798e..0ab398ebd 100644 --- a/etc/profile-m-z/smplayer.profile +++ b/etc/profile-m-z/smplayer.profile @@ -52,3 +52,5 @@ private-tmp # problems with KDE # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/smtube.profile b/etc/profile-m-z/smtube.profile index a3a519511..b617444af 100644 --- a/etc/profile-m-z/smtube.profile 
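Review bot: slashem.profile gets `#restrict-namespaces` added commented out with no reason given, so a later reader cannot tell whether the option was tested and found to break the program or was simply never tried. The same applies to the standardnotes-desktop, steam, teamspeak3, torbrowser-launcher, wireshark and wps hunks in this commit. Other profiles touched here do record why a hardening option is off (`#memory-deny-write-execute - breaks on Arch (see issue #1803)`), and that convention would make these exceptions auditable. I would add a short reason to each, e.g. `# restrict-namespaces - <reason it breaks>`, and settle on one spelling, since both `#restrict-namespaces` and `# restrict-namespaces` are used.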
+++ b/etc/profile-m-z/smtube.profile @@ -45,3 +45,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile index 9c93845f5..ffed9d44c 100644 --- a/etc/profile-m-z/smuxi-frontend-gnome.profile +++ b/etc/profile-m-z/smuxi-frontend-gnome.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile index ff8ba38b4..b4658b7af 100644 --- a/etc/profile-m-z/softmaker-common.profile +++ b/etc/profile-m-z/softmaker-common.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sol.profile b/etc/profile-m-z/sol.profile index 833b905fe..e2be4e9e0 100644 --- a/etc/profile-m-z/sol.profile +++ b/etc/profile-m-z/sol.profile @@ -44,3 +44,4 @@ dbus-user none dbus-system none # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/songrec.profile b/etc/profile-m-z/songrec.profile index 2e26fbb52..9261c1e3f 100644 --- a/etc/profile-m-z/songrec.profile +++ b/etc/profile-m-z/songrec.profile @@ -51,3 +51,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sound-juicer.profile b/etc/profile-m-z/sound-juicer.profile index f8b87065b..f5ac6c739 100644 --- a/etc/profile-m-z/sound-juicer.profile +++ b/etc/profile-m-z/sound-juicer.profile @@ -40,3 +40,5 @@ private-tmp # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/soundconverter.profile b/etc/profile-m-z/soundconverter.profile index d32ba87fc..843080cc8 100644 --- a/etc/profile-m-z/soundconverter.profile +++ b/etc/profile-m-z/soundconverter.profile @@ -47,3 +47,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile index 7637eb868..5a1314315 100644 
--- a/etc/profile-m-z/spectacle.profile +++ b/etc/profile-m-z/spectacle.profile @@ -65,3 +65,5 @@ dbus-user.talk org.freedesktop.FileManager1 #dbus-user.talk org.kde.JobViewServer #dbus-user.talk org.kde.kglobalaccel dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile index f83fe9a17..4bc23fc04 100644 --- a/etc/profile-m-z/spectral.profile +++ b/etc/profile-m-z/spectral.profile @@ -53,3 +53,5 @@ dbus-user filter # Add the next line to your spectral.local to enable notification support. #dbus-user.talk org.freedesktop.Notifications dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/spectre-meltdown-checker.profile b/etc/profile-m-z/spectre-meltdown-checker.profile index 8c089a5af..d21f49e61 100644 --- a/etc/profile-m-z/spectre-meltdown-checker.profile +++ b/etc/profile-m-z/spectre-meltdown-checker.profile @@ -49,3 +49,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index bfa3a805a..721e39cd4 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile @@ -53,3 +53,5 @@ private-tmp # dbus needed for MPRIS # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile index 0808685d1..b6eee5293 100644 --- a/etc/profile-m-z/sqlitebrowser.profile +++ b/etc/profile-m-z/sqlitebrowser.profile @@ -49,3 +49,4 @@ private-tmp # dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile index 35bcdca7c..76755def4 100644 --- a/etc/profile-m-z/ssh-agent.profile +++ b/etc/profile-m-z/ssh-agent.profile @@ -33,3 +33,5 @@ writable-run-user dbus-user none dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index c68b82b54..a7956a76e 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile @@ -51,3 +51,4 @@ dbus-system none deterministic-shutdown memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile index 7a59274bf..868c724d2 100644 --- a/etc/profile-m-z/standardnotes-desktop.profile +++ b/etc/profile-m-z/standardnotes-desktop.profile @@ -42,3 +42,5 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostnam dbus-user none dbus-system none + +# restrict-namespaces diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index 5e5a8e9bb..f807afdc7 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile @@ -178,7 +178,8 @@ private-dev private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl,vulkan private-tmp -# dbus-user none -# dbus-system none +#dbus-user none +#dbus-system none read-only ${HOME}/.config/MangoHud +#restrict-namespaces diff --git a/etc/profile-m-z/stellarium.profile b/etc/profile-m-z/stellarium.profile index ecb5201e0..c83ff40f8 100644 --- a/etc/profile-m-z/stellarium.profile +++ b/etc/profile-m-z/stellarium.profile @@ -43,3 +43,4 @@ private-bin stellarium private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile index a6723e9de..e9d2ca430 100644 --- a/etc/profile-m-z/strawberry.profile +++ b/etc/profile-m-z/strawberry.profile @@ -46,3 +46,5 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostnam private-tmp dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-m-z/strings.profile b/etc/profile-m-z/strings.profile index 506a38145..8c14ca51f 100644 --- a/etc/profile-m-z/strings.profile +++ b/etc/profile-m-z/strings.profile @@ -54,3 +54,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile index b222b5be2..896d4bc3e 100644 --- a/etc/profile-m-z/subdownloader.profile +++ b/etc/profile-m-z/subdownloader.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile index b082cc761..1f532d76c 100644 --- a/etc/profile-m-z/supertux2.profile +++ b/etc/profile-m-z/supertux2.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile index 7616217ff..b4eb70fcb 100644 --- a/etc/profile-m-z/supertuxkart.profile +++ b/etc/profile-m-z/supertuxkart.profile @@ -60,3 +60,5 @@ private-srv none dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile index 78432bf43..3508e11b0 100644 --- a/etc/profile-m-z/surf.profile +++ b/etc/profile-m-z/surf.profile @@ -36,3 +36,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,ld.so.cache,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/sushi.profile b/etc/profile-m-z/sushi.profile index 46f5348fd..7b6a87b31 100644 --- a/etc/profile-m-z/sushi.profile +++ b/etc/profile-m-z/sushi.profile @@ -45,3 +45,4 @@ read-only /media read-only /run/mount read-only /run/media read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/sway.profile b/etc/profile-m-z/sway.profile index 046d1b4be..f71905150 100644 
--- a/etc/profile-m-z/sway.profile +++ b/etc/profile-m-z/sway.profile @@ -17,3 +17,5 @@ netfilter noroot protocol unix,inet,inet6 seccomp + +restrict-namespaces diff --git a/etc/profile-m-z/synfigstudio.profile b/etc/profile-m-z/synfigstudio.profile index 4c290aa01..a2bb7d8e5 100644 --- a/etc/profile-m-z/synfigstudio.profile +++ b/etc/profile-m-z/synfigstudio.profile @@ -36,3 +36,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile index a0a2ec7bc..cef029401 100644 --- a/etc/profile-m-z/sysprof.profile +++ b/etc/profile-m-z/sysprof.profile @@ -74,3 +74,4 @@ dbus-user.own org.gnome.Sysprof3 dbus-user.talk ca.desrt.dconf # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-m-z/tcpdump.profile b/etc/profile-m-z/tcpdump.profile index 57301a54d..bc8444efd 100644 --- a/etc/profile-m-z/tcpdump.profile +++ b/etc/profile-m-z/tcpdump.profile @@ -44,3 +44,4 @@ private-dev private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/teamspeak3.profile b/etc/profile-m-z/teamspeak3.profile index 31df5b97c..41da4ee13 100644 --- a/etc/profile-m-z/teamspeak3.profile +++ b/etc/profile-m-z/teamspeak3.profile @@ -39,3 +39,4 @@ disable-mnt private-dev private-tmp +# restrict-namespaces diff --git a/etc/profile-m-z/teeworlds.profile b/etc/profile-m-z/teeworlds.profile index a253f9a76..f01cc1c74 100644 --- a/etc/profile-m-z/teeworlds.profile +++ b/etc/profile-m-z/teeworlds.profile @@ -43,3 +43,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile index bdae44ad0..886d303c8 100644 --- a/etc/profile-m-z/telegram.profile +++ b/etc/profile-m-z/telegram.profile 
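Review bot: sway.profile enables `restrict-namespaces` for a compositor, and as far as I understand the option, the restriction is inherited by every program started inside the sandbox, not only by sway itself. Applications launched from the session that build their own namespace-based sandbox would then lose it or fail to start, which is presumably why steam and torbrowser-launcher keep the line commented out in this same commit. The tmux and x-terminal-emulator hunks carry the same exposure for anything run from the shell inside them. I would either leave the line commented in these three launcher-type profiles, or keep it and add a comment such as `# blocks namespace creation for everything started from this session; disable in the .local file if needed`.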
@@ -56,3 +56,5 @@ dbus-user.talk org.freedesktop.Notifications dbus-user.talk org.gnome.Mutter.IdleMonitor dbus-user.talk org.freedesktop.ScreenSaver dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/telnet.profile b/etc/profile-m-z/telnet.profile index 527c3c99f..13a47c958 100644 --- a/etc/profile-m-z/telnet.profile +++ b/etc/profile-m-z/telnet.profile @@ -51,3 +51,4 @@ dbus-system none memory-deny-write-execute noexec ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile index 4af30acc0..9249e33c8 100644 --- a/etc/profile-m-z/terasology.profile +++ b/etc/profile-m-z/terasology.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile index 3dad84480..f49738f2b 100644 --- a/etc/profile-m-z/tilp.profile +++ b/etc/profile-m-z/tilp.profile @@ -32,3 +32,4 @@ private-cache private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile index 0ca9cc1ce..3cbf90660 100644 --- a/etc/profile-m-z/tin.profile +++ b/etc/profile-m-z/tin.profile @@ -65,3 +65,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile index bb710edc3..a855ff839 100644 --- a/etc/profile-m-z/tmux.profile +++ b/etc/profile-m-z/tmux.profile @@ -42,3 +42,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/tor.profile b/etc/profile-m-z/tor.profile index ba7672068..275b170ff 100644 --- a/etc/profile-m-z/tor.profile +++ b/etc/profile-m-z/tor.profile @@ -48,3 +48,5 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor private-tmp writable-var + +restrict-namespaces 
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index 9d66c5fa4..fab792826 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile @@ -63,3 +63,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/torcs.profile b/etc/profile-m-z/torcs.profile index dfc20fc00..f83a74e9c 100644 --- a/etc/profile-m-z/torcs.profile +++ b/etc/profile-m-z/torcs.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/totem.profile b/etc/profile-m-z/totem.profile index 9ecc1e5ea..e21d37040 100644 --- a/etc/profile-m-z/totem.profile +++ b/etc/profile-m-z/totem.profile @@ -57,3 +57,5 @@ private-tmp # makes settings immutable # dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/tracker.profile b/etc/profile-m-z/tracker.profile index 6d7751953..f30b0aef6 100644 --- a/etc/profile-m-z/tracker.profile +++ b/etc/profile-m-z/tracker.profile @@ -36,3 +36,5 @@ tracelog # private-bin tracker # private-dev # private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile index 6dcdf64b6..9937b7c11 100644 --- a/etc/profile-m-z/transgui.profile +++ b/etc/profile-m-z/transgui.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile index 78df412d7..0a9029c97 100644 --- a/etc/profile-m-z/transmission-common.profile +++ b/etc/profile-m-z/transmission-common.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/tremulous.profile b/etc/profile-m-z/tremulous.profile index 4bcc0affe..21c09067e 100644 --- a/etc/profile-m-z/tremulous.profile +++ b/etc/profile-m-z/tremulous.profile 
@@ -50,3 +50,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index eb3ae356a..63e964355 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile @@ -61,3 +61,4 @@ dbus-user.talk org.freedesktop.secrets dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini +restrict-namespaces diff --git a/etc/profile-m-z/truecraft.profile b/etc/profile-m-z/truecraft.profile index 58f600259..f02532936 100644 --- a/etc/profile-m-z/truecraft.profile +++ b/etc/profile-m-z/truecraft.profile @@ -36,3 +36,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/tuxguitar.profile b/etc/profile-m-z/tuxguitar.profile index 807d43281..ab2b359e4 100644 --- a/etc/profile-m-z/tuxguitar.profile +++ b/etc/profile-m-z/tuxguitar.profile @@ -43,3 +43,5 @@ tracelog private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/tvbrowser.profile b/etc/profile-m-z/tvbrowser.profile index 6c1dcc603..518dc95c7 100644 --- a/etc/profile-m-z/tvbrowser.profile +++ b/etc/profile-m-z/tvbrowser.profile @@ -50,3 +50,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/udiskie.profile b/etc/profile-m-z/udiskie.profile index e9a2745bf..7e3c7ac5a 100644 --- a/etc/profile-m-z/udiskie.profile +++ b/etc/profile-m-z/udiskie.profile @@ -42,3 +42,5 @@ private-cache private-dev private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/uefitool.profile b/etc/profile-m-z/uefitool.profile index 3629f66f8..3d8f59df6 100644 --- a/etc/profile-m-z/uefitool.profile +++ b/etc/profile-m-z/uefitool.profile @@ -36,3 +36,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-m-z/uget-gtk.profile b/etc/profile-m-z/uget-gtk.profile index 948f61801..d8840fad3 100644 --- a/etc/profile-m-z/uget-gtk.profile +++ b/etc/profile-m-z/uget-gtk.profile @@ -36,3 +36,5 @@ seccomp private-bin uget-gtk private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile index d18c9fe94..63d84688c 100644 --- a/etc/profile-m-z/unbound.profile +++ b/etc/profile-m-z/unbound.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile index 70c54a6bd..6ec6ea609 100644 --- a/etc/profile-m-z/unf.profile +++ b/etc/profile-m-z/unf.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/unknown-horizons.profile b/etc/profile-m-z/unknown-horizons.profile index 755d087ea..3e2b28dec 100644 --- a/etc/profile-m-z/unknown-horizons.profile +++ b/etc/profile-m-z/unknown-horizons.profile @@ -41,3 +41,4 @@ private-tmp # doesn't work - maybe all Tcl/Tk programs have this problem # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile index bb53917cf..f85e52273 100644 --- a/etc/profile-m-z/utox.profile +++ b/etc/profile-m-z/utox.profile @@ -46,3 +46,4 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile index 7ac23bcb9..29d88832c 100644 --- a/etc/profile-m-z/uudeview.profile +++ b/etc/profile-m-z/uudeview.profile @@ -44,3 +44,5 @@ private-etc alternatives,ld.so.cache,ld.so.preload dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile index dcdae279f..dfda684e3 100644 
--- a/etc/profile-m-z/uzbl-browser.profile +++ b/etc/profile-m-z/uzbl-browser.profile @@ -39,3 +39,5 @@ notv protocol unix,inet,inet6 seccomp tracelog + +restrict-namespaces diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile index 6d7fa94e7..cdf615a02 100644 --- a/etc/profile-m-z/viewnior.profile +++ b/etc/profile-m-z/viewnior.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issues #1803 and #1808) +restrict-namespaces diff --git a/etc/profile-m-z/viking.profile b/etc/profile-m-z/viking.profile index 65f1e2619..6ec74edd8 100644 --- a/etc/profile-m-z/viking.profile +++ b/etc/profile-m-z/viking.profile @@ -34,3 +34,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/vim.profile b/etc/profile-m-z/vim.profile index a6e05a32a..6847f1f5e 100644 --- a/etc/profile-m-z/vim.profile +++ b/etc/profile-m-z/vim.profile @@ -32,3 +32,5 @@ protocol unix,inet,inet6 seccomp private-dev + +restrict-namespaces diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile index b9b40e348..34e580085 100644 --- a/etc/profile-m-z/vlc.profile +++ b/etc/profile-m-z/vlc.profile @@ -53,3 +53,5 @@ dbus-user.talk org.freedesktop.ScreenSaver ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher dbus-user.talk org.mpris.MediaPlayer2.Player dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile index 1703c95e1..ba4136413 100644 --- a/etc/profile-m-z/vmware-view.profile +++ b/etc/profile-m-z/vmware-view.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/vym.profile b/etc/profile-m-z/vym.profile index dbfbcca8a..be1ef153b 100644 --- a/etc/profile-m-z/vym.profile +++ b/etc/profile-m-z/vym.profile @@ -33,3 +33,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces 
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index f5744e52c..fab5315aa 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile @@ -68,3 +68,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile index 6b32a1613..37a8f78bb 100644 --- a/etc/profile-m-z/warmux.profile +++ b/etc/profile-m-z/warmux.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/warsow.profile b/etc/profile-m-z/warsow.profile index 0e3b88a02..c7f1d4c50 100644 --- a/etc/profile-m-z/warsow.profile +++ b/etc/profile-m-z/warsow.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile index 3e2c9b929..50c776412 100644 --- a/etc/profile-m-z/warzone2100.profile +++ b/etc/profile-m-z/warzone2100.profile @@ -47,3 +47,5 @@ disable-mnt private-bin bash,dash,sh,warzone2100,which private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/webstorm.profile b/etc/profile-m-z/webstorm.profile index ec6a0d7ab..6e5a63911 100644 --- a/etc/profile-m-z/webstorm.profile +++ b/etc/profile-m-z/webstorm.profile @@ -42,3 +42,5 @@ seccomp private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/webui-aria2.profile b/etc/profile-m-z/webui-aria2.profile index 057e75372..b42d4c380 100644 --- a/etc/profile-m-z/webui-aria2.profile +++ b/etc/profile-m-z/webui-aria2.profile @@ -36,3 +36,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/weechat.profile b/etc/profile-m-z/weechat.profile index 07babd502..b190bf5ff 100644 --- a/etc/profile-m-z/weechat.profile +++ b/etc/profile-m-z/weechat.profile 
@@ -28,3 +28,5 @@ seccomp # no private-bin support for various reasons: # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins + +restrict-namespaces diff --git a/etc/profile-m-z/wesnoth.profile b/etc/profile-m-z/wesnoth.profile index 345b26a2c..b6f29cfbf 100644 --- a/etc/profile-m-z/wesnoth.profile +++ b/etc/profile-m-z/wesnoth.profile @@ -36,3 +36,5 @@ seccomp private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile index 1258b6fce..5e1823593 100644 --- a/etc/profile-m-z/wget.profile +++ b/etc/profile-m-z/wget.profile @@ -61,3 +61,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile index 4891af458..d8c72ac8b 100644 --- a/etc/profile-m-z/whois.profile +++ b/etc/profile-m-z/whois.profile @@ -54,3 +54,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/widelands.profile b/etc/profile-m-z/widelands.profile index 99a3fae8c..30a471fac 100644 --- a/etc/profile-m-z/widelands.profile +++ b/etc/profile-m-z/widelands.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile index f30fc971f..1e2b164b9 100644 --- a/etc/profile-m-z/wine.profile +++ b/etc/profile-m-z/wine.profile @@ -40,3 +40,5 @@ notv seccomp private-dev + +restrict-namespaces diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile index 0a13c25aa..5823a2ad7 100644 --- a/etc/profile-m-z/wireshark.profile +++ b/etc/profile-m-z/wireshark.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile index 8f9c44d7d..ccc2e8dd0 100644 
--- a/etc/profile-m-z/wordwarvi.profile +++ b/etc/profile-m-z/wordwarvi.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/wps.profile b/etc/profile-m-z/wps.profile index 1287faa2c..7f85e1ede 100644 --- a/etc/profile-m-z/wps.profile +++ b/etc/profile-m-z/wps.profile @@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/x-terminal-emulator.profile b/etc/profile-m-z/x-terminal-emulator.profile index 141d167a8..4b88e8118 100644 --- a/etc/profile-m-z/x-terminal-emulator.profile +++ b/etc/profile-m-z/x-terminal-emulator.profile @@ -21,3 +21,4 @@ dbus-user none dbus-system none noexec /tmp +restrict-namespaces diff --git a/etc/profile-m-z/x2goclient.profile b/etc/profile-m-z/x2goclient.profile index b8bbba072..6dd374aac 100644 --- a/etc/profile-m-z/x2goclient.profile +++ b/etc/profile-m-z/x2goclient.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none #memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile index 72e6d04a0..1b44b63e0 100644 --- a/etc/profile-m-z/xbill.profile +++ b/etc/profile-m-z/xbill.profile @@ -51,3 +51,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/xcalc.profile b/etc/profile-m-z/xcalc.profile index fef5613ad..3d808ce1f 100644 --- a/etc/profile-m-z/xcalc.profile +++ b/etc/profile-m-z/xcalc.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/xchat.profile b/etc/profile-m-z/xchat.profile index a94444aab..4061e26a4 100644 --- a/etc/profile-m-z/xchat.profile +++ b/etc/profile-m-z/xchat.profile @@ -21,3 +21,5 @@ protocol unix,inet,inet6 seccomp # private-bin requires perl, python*, etc. + +restrict-namespaces diff --git a/etc/profile-m-z/xed.profile b/etc/profile-m-z/xed.profile index f117e96ab..dda803bd5 100644 
--- a/etc/profile-m-z/xed.profile +++ b/etc/profile-m-z/xed.profile @@ -51,3 +51,4 @@ private-tmp # xed uses python plugins, memory-deny-write-execute breaks python # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/xfburn.profile b/etc/profile-m-z/xfburn.profile index 930d2755b..141fda909 100644 --- a/etc/profile-m-z/xfburn.profile +++ b/etc/profile-m-z/xfburn.profile @@ -28,3 +28,5 @@ tracelog # private-bin xfburn # private-dev # private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/xfce4-dict.profile b/etc/profile-m-z/xfce4-dict.profile index 7afe69814..633a9967c 100644 --- a/etc/profile-m-z/xfce4-dict.profile +++ b/etc/profile-m-z/xfce4-dict.profile @@ -37,3 +37,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile index 006e1859b..95eb2046e 100644 --- a/etc/profile-m-z/xfce4-mixer.profile +++ b/etc/profile-m-z/xfce4-mixer.profile @@ -54,3 +54,4 @@ dbus-user.talk org.xfce.Xfconf dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-m-z/xfce4-notes.profile b/etc/profile-m-z/xfce4-notes.profile index 4ab8f34f4..f7d890eef 100644 --- a/etc/profile-m-z/xfce4-notes.profile +++ b/etc/profile-m-z/xfce4-notes.profile @@ -39,3 +39,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile index ca4d77d73..575acc9b2 100644 --- a/etc/profile-m-z/xfce4-screenshooter.profile +++ b/etc/profile-m-z/xfce4-screenshooter.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none # memory-deny-write-execute -- see #3790 +restrict-namespaces diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile index c755632ca..371db722c 100644 --- a/etc/profile-m-z/xiphos.profile +++ b/etc/profile-m-z/xiphos.profile 
@@ -48,3 +48,5 @@ private-cache private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssli,sword,sword.conf private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/xmms.profile b/etc/profile-m-z/xmms.profile index e255ad927..ef8fd1d7f 100644 --- a/etc/profile-m-z/xmms.profile +++ b/etc/profile-m-z/xmms.profile @@ -29,3 +29,5 @@ seccomp private-bin xmms private-dev + +restrict-namespaces diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile index 64b6bcaeb..ad1ba8ca3 100644 --- a/etc/profile-m-z/xmr-stak.profile +++ b/etc/profile-m-z/xmr-stak.profile @@ -43,3 +43,4 @@ private-opt cuda private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile index 3c5ef1ac0..9128c330b 100644 --- a/etc/profile-m-z/xonotic.profile +++ b/etc/profile-m-z/xonotic.profile @@ -53,3 +53,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.xonotic +restrict-namespaces diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile index 71942edab..a17464a2a 100644 --- a/etc/profile-m-z/xournal.profile +++ b/etc/profile-m-z/xournal.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/xpdf.profile b/etc/profile-m-z/xpdf.profile index 33803a741..fdfb3bf59 100644 --- a/etc/profile-m-z/xpdf.profile +++ b/etc/profile-m-z/xpdf.profile @@ -42,3 +42,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/xplayer.profile b/etc/profile-m-z/xplayer.profile index 1087d7cd0..a673d6aa3 100644 --- a/etc/profile-m-z/xplayer.profile +++ b/etc/profile-m-z/xplayer.profile @@ -47,3 +47,5 @@ private-tmp # makes settings immutable # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/xpra.profile b/etc/profile-m-z/xpra.profile index c10ea4a63..05c12b9a2 100644 
--- a/etc/profile-m-z/xpra.profile +++ b/etc/profile-m-z/xpra.profile @@ -51,3 +51,5 @@ disable-mnt private-dev # private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,machine-id,nsswitch.conf,resolv.conf,X11,xpra private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile index ec966fc5c..ff5dc619b 100644 --- a/etc/profile-m-z/xreader.profile +++ b/etc/profile-m-z/xreader.profile @@ -42,3 +42,4 @@ private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/xviewer.profile b/etc/profile-m-z/xviewer.profile index e7fa7051e..6c31df4a9 100644 --- a/etc/profile-m-z/xviewer.profile +++ b/etc/profile-m-z/xviewer.profile @@ -46,3 +46,4 @@ private-tmp # dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile index ae0ccced6..6ea7fdfbd 100644 --- a/etc/profile-m-z/yelp.profile +++ b/etc/profile-m-z/yelp.profile @@ -74,3 +74,5 @@ read-write ${HOME}/.cache # your yelp.local if you need PDF printing support. #noblacklist ${DOCUMENTS} #whitelist ${DOCUMENTS} + +restrict-namespaces diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile index 48e18060f..c846893ef 100644 --- a/etc/profile-m-z/youtube-dl-gui.profile +++ b/etc/profile-m-z/youtube-dl-gui.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile index 19e176877..4f2cc9523 100644 --- a/etc/profile-m-z/youtube-dl.profile +++ b/etc/profile-m-z/youtube-dl.profile @@ -64,3 +64,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces 
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index 28c219377..f66e2938b 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile @@ -67,3 +67,5 @@ dbus-user filter dbus-user.talk org.mozilla.* dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/zaproxy.profile b/etc/profile-m-z/zaproxy.profile index 0caca9792..96324ebda 100644 --- a/etc/profile-m-z/zaproxy.profile +++ b/etc/profile-m-z/zaproxy.profile @@ -44,3 +44,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/zart.profile b/etc/profile-m-z/zart.profile index cd94a3fbd..5816ea5e3 100644 --- a/etc/profile-m-z/zart.profile +++ b/etc/profile-m-z/zart.profile @@ -35,3 +35,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile index 12b090d35..1daf89c84 100644 --- a/etc/profile-m-z/zathura.profile +++ b/etc/profile-m-z/zathura.profile @@ -59,3 +59,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.config/zathura read-write ${HOME}/.local/share/zathura +restrict-namespaces diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile index 84f6d52dd..453f40e73 100644 --- a/etc/profile-m-z/zeal.profile +++ b/etc/profile-m-z/zeal.profile @@ -69,3 +69,4 @@ dbus-user.talk org.mozilla.* dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile index 7350ed5a6..a9e5aa5c3 100644 --- a/etc/profile-m-z/zim.profile +++ b/etc/profile-m-z/zim.profile @@ -68,3 +68,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile index 5f7d83a7c..b69de3be1 100644 --- a/etc/profile-m-z/zulip.profile +++ b/etc/profile-m-z/zulip.profile 
@@ -45,3 +45,5 @@ private-cache private-dev private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp + +restrict-namespaces -- cgit v1.2.3-54-g00ecf
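Review bot: In zulip.profile, please confirm that `restrict-namespaces` was tested against the application's own sandbox before it stays enabled. The Zulip desktop client is, to my knowledge, Electron-based, and Chromium's internal sandbox commonly relies on creating user namespaces. If that creation is blocked, the app may fail to start or fall back to running its renderers unsandboxed, which would be a net loss of isolation. The hunk shows only the `private-*` tail of the profile, so I cannot see which seccomp or caps exceptions are set above it. If it does break, a commented form with the reason would be the safer default, as in `#restrict-namespaces - breaks the Chromium sandbox`.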