From 3d8f587cd8e2604df928be21c4dd201bd0b818fc Mon Sep 17 00:00:00 2001
From: rusty-snake <print_hello_world+Public@protonmail.com>
Date: Mon, 26 Aug 2019 10:29:45 +0200
Subject: Use new seccomp syntax (#2926) in more profiles

 Rules for redirecting profiles:
  - add exceptions: just add 'seccomp !SYSCALL'
  - remove exception:
    ```
    seccomp
    ignore seccomp
    ```
---
 etc/basilisk.profile     | 2 +-
 etc/palemoon.profile     | 2 +-
 etc/riot-desktop.profile | 3 +--
 3 files changed, 3 insertions(+), 4 deletions(-)

(limited to 'etc')

diff --git a/etc/basilisk.profile b/etc/basilisk.profile
index 5bc91dc74..8dc3847a0 100644
--- a/etc/basilisk.profile
+++ b/etc/basilisk.profile
@@ -14,8 +14,8 @@ whitelist ${HOME}/.cache/moonchild productions/basilisk
 whitelist ${HOME}/.moonchild productions
 
 # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60)
-ignore seccomp.drop
 seccomp
+ignore seccomp
 
 #private-bin basilisk
 # private-etc must first be enabled in firefox-common.profile
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index 11464e6cf..acb2ce176 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -14,8 +14,8 @@ whitelist ${HOME}/.cache/moonchild productions/pale moon
 whitelist ${HOME}/.moonchild productions
 
 # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60)
-ignore seccomp.drop
 seccomp
+ignore seccomp
 
 #private-bin palemoon
 # private-etc must first be enabled in firefox-common.profile
diff --git a/etc/riot-desktop.profile b/etc/riot-desktop.profile
index e6af4c2cb..4372fabe1 100644
--- a/etc/riot-desktop.profile
+++ b/etc/riot-desktop.profile
@@ -7,8 +7,7 @@ include riot-desktop.local
 # added by included profile
 #include globals.local
 
-ignore seccomp
-seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mincore,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pivot_root,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+seccomp !chroot
 
 # Redirect
 include riot-web.profile
-- 
cgit v1.2.3-54-g00ecf