From 1862d24fd9990bfc61f9ae9710f089b3d8038427 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Tue, 12 Mar 2019 23:45:13 +0100
Subject: add disable-exec.inc to few more profiles

---
 etc/baloo_file.profile          | 4 +---
 etc/default.profile             | 4 ++--
 etc/keepassx.profile            | 3 +--
 etc/keepassxc.profile           | 3 +--
 etc/kget.profile                | 3 +--
 etc/konversation.profile        | 3 +--
 etc/ktorrent.profile            | 3 +--
 etc/kwin_x11.profile            | 4 +---
 etc/mupdf.profile               | 1 +
 etc/musescore.profile           | 4 +---
 etc/qpdfview.profile            | 3 +--
 etc/torbrowser-launcher.profile | 5 +++--
 12 files changed, 15 insertions(+), 25 deletions(-)

(limited to 'etc')

diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index 176d8cae7..f46987cc7 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -19,6 +19,7 @@ noblacklist ${HOME}/.local/share/baloo
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -46,6 +47,3 @@ private-bin baloo_file,baloo_file_extractor,baloo_filemetadata_temp_extractor,kb
 private-cache
 private-dev
 private-tmp
-
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/default.profile b/etc/default.profile
index 917e42287..efa66d5db 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -10,11 +10,13 @@ include globals.local
 
 include disable-common.inc
 # include disable-devel.inc
+# include disable-exec.inc
 # include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 #include disable-xdg.inc
 
+# apparmor
 caps.drop all
 # ipc-namespace
 netfilter
@@ -42,5 +44,3 @@ seccomp
 # private-tmp
 
 # memory-deny-write-execute
-# noexec ${HOME}
-# noexec /tmp
diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index 357eb435d..44e9c67bb 100644
--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -14,6 +14,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -45,5 +46,3 @@ private-etc alternatives,fonts,machine-id
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index f0546beda..33b4509b7 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -16,6 +16,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -47,8 +48,6 @@ private-tmp
 
 # 2.2.4 crashes on database open
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
 
 # Mutex is stored in /tmp by default, which is broken by private-tmp
 join-or-start keepassxc
diff --git a/etc/kget.profile b/etc/kget.profile
index 2ef84a0ee..485edc1a4 100644
--- a/etc/kget.profile
+++ b/etc/kget.profile
@@ -15,6 +15,7 @@ noblacklist ${HOME}/.local/share/kget
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -38,5 +39,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/konversation.profile b/etc/konversation.profile
index 03c51ccce..19174459c 100644
--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.kde4/share/config/konversationrc
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,5 +40,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile
index 7b7571176..f30a1b7e6 100644
--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -15,6 +15,7 @@ noblacklist ${HOME}/.local/share/ktorrent
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -57,5 +58,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile
index 834f6f2dd..ee07636d3 100644
--- a/etc/kwin_x11.profile
+++ b/etc/kwin_x11.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.local/share/kwin
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,6 +40,3 @@ private-bin kwin_x11
 private-dev
 private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg
 private-tmp
-
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index c1d4f2cbe..1f2afa5f0 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -10,6 +10,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
diff --git a/etc/musescore.profile b/etc/musescore.profile
index 5f009c681..9750a31f4 100644
--- a/etc/musescore.profile
+++ b/etc/musescore.profile
@@ -15,6 +15,7 @@ noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -38,6 +39,3 @@ tracelog
 
 # private-bin musescore,mscore
 private-tmp
-
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile
index 06598c769..6cb3fe4cd 100644
--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -12,6 +12,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,5 +40,3 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 2b1cc6549..e45b335c8 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -6,6 +6,8 @@ include torbrowser-launcher.local
 # Persistent global definitions
 include globals.local
 
+ignore noexec ${HOME}
+
 noblacklist ${HOME}/.config/torbrowser
 noblacklist ${HOME}/.local/share/torbrowser
 
@@ -17,6 +19,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -51,5 +54,3 @@ private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,r
 private-dev
 private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache
 private-tmp
-
-noexec /tmp
-- 
cgit v1.2.3-54-g00ecf