From 71f838b5bab312174c589aa7404a750660165a17 Mon Sep 17 00:00:00 2001 From: Tad Date: Fri, 11 Aug 2017 11:23:21 -0400 Subject: Fix notv placement --- etc/0ad.profile | 2 +- etc/2048-qt.profile | 2 +- etc/7z.profile | 3 +-- etc/Cryptocat.profile | 2 +- etc/Mathematica.profile | 2 +- etc/Thunar.profile | 2 +- etc/Xephyr.profile | 2 +- etc/Xvfb.profile | 2 +- etc/abrowser.profile | 2 +- etc/akregator.profile | 2 +- etc/amarok.profile | 2 +- etc/android-studio.profile | 2 +- etc/apktool.profile | 2 +- etc/arduino.profile | 2 +- etc/ark.profile | 2 +- etc/arm.profile | 2 +- etc/atom-beta.profile | 2 +- etc/atom.profile | 2 +- etc/atool.profile | 2 +- etc/atril.profile | 2 +- etc/audacious.profile | 2 +- etc/audacity.profile | 2 +- etc/aweather.profile | 2 +- etc/baloo_file.profile | 2 +- etc/baobab.profile | 2 +- etc/bibletime.profile | 2 +- etc/bitlbee.profile | 2 +- etc/bleachbit.profile | 2 +- etc/blender.profile | 2 +- etc/bless.profile | 2 +- etc/brasero.profile | 2 +- etc/brave.profile | 2 +- etc/caja.profile | 2 +- etc/calibre.profile | 2 +- etc/catfish.profile | 2 +- etc/cherrytree.profile | 2 +- etc/chromium.profile | 2 +- etc/claws-mail.profile | 2 +- etc/clementine.profile | 2 +- etc/clipit.profile | 2 +- etc/cmus.profile | 2 +- etc/conkeror.profile | 2 +- etc/corebird.profile | 2 +- etc/cpio.profile | 2 +- etc/curl.profile | 2 +- etc/cvlc.profile | 2 +- etc/cyberfox.profile | 2 +- etc/darktable.profile | 2 +- etc/deadbeef.profile | 2 +- etc/default.profile | 4 ++-- etc/deluge.profile | 2 +- etc/dex2jar.profile | 2 +- etc/dia.profile | 2 +- etc/digikam.profile | 2 +- etc/dillo.profile | 2 +- etc/dino.profile | 2 +- etc/display.profile | 2 +- etc/dnscrypt-proxy.profile | 2 +- etc/dnsmasq.profile | 2 +- etc/dolphin.profile | 2 +- etc/dosbox.profile | 2 +- etc/dragon.profile | 2 +- etc/dropbox.profile | 2 +- etc/electron.profile | 2 +- etc/elinks.profile | 2 +- etc/emacs.profile | 2 +- etc/empathy.profile | 2 +- etc/enchant.profile | 2 +- etc/engrampa.profile | 2 +- etc/eog.profile | 2 +- etc/eom.profile | 2 +- etc/epiphany.profile | 2 +- etc/etr.profile | 2 +- etc/evince.profile | 2 +- etc/evolution.profile | 2 +- etc/exiftool.profile | 2 +- etc/fbreader.profile | 2 +- etc/feh.profile | 2 +- etc/file-roller.profile | 2 +- etc/file.profile | 2 +- etc/filezilla.profile | 2 +- etc/firefox.profile | 2 +- etc/flashpeak-slimjet.profile | 2 +- etc/flowblade.profile | 2 +- etc/fontforge.profile | 2 +- etc/fossamail.profile | 3 ++- etc/franz.profile | 2 +- etc/frozen-bubble.profile | 2 +- etc/gajim.profile | 2 +- etc/galculator.profile | 2 +- etc/geany.profile | 2 +- etc/gedit.profile | 2 +- etc/geeqie.profile | 2 +- etc/gimp.profile | 2 +- etc/git.profile | 2 +- etc/gitg.profile | 2 +- etc/gitter.profile | 2 +- etc/gjs.profile | 2 +- etc/globaltime.profile | 2 +- etc/gnome-2048.profile | 2 +- etc/gnome-books.profile | 2 +- etc/gnome-calculator.profile | 2 +- etc/gnome-chess.profile | 2 +- etc/gnome-clocks.profile | 2 +- etc/gnome-contacts.profile | 2 +- etc/gnome-documents.profile | 2 +- etc/gnome-font-viewer.profile | 2 +- etc/gnome-maps.profile | 2 +- etc/gnome-music.profile | 2 +- etc/gnome-photos.profile | 2 +- etc/gnome-twitch.profile | 2 +- etc/gnome-weather.profile | 2 +- etc/goobox.profile | 2 +- etc/google-chrome-beta.profile | 2 +- etc/google-chrome-unstable.profile | 2 +- etc/google-chrome.profile | 2 +- etc/google-play-music-desktop-player.profile | 2 +- etc/gpa.profile | 2 +- etc/gpg-agent.profile | 2 +- etc/gpg.profile | 2 +- etc/gpicview.profile | 2 +- etc/gpredict.profile | 2 +- etc/gthumb.profile | 2 +- etc/guayadeque.profile | 2 +- etc/gucharmap.profile | 2 +- etc/gwenview.profile | 2 +- etc/gzip.profile | 2 +- etc/handbrake.profile | 2 +- etc/hashcat.profile | 2 +- etc/hedgewars.profile | 2 +- etc/hexchat.profile | 2 +- etc/highlight.profile | 2 +- etc/hugin.profile | 2 +- etc/icecat.profile | 2 +- etc/idea.sh.profile | 2 +- etc/img2txt.profile | 2 +- etc/inkscape.profile | 2 +- etc/jd-gui.profile | 2 +- etc/jitsi.profile | 2 +- etc/k3b.profile | 2 +- etc/kate.profile | 2 +- etc/kcalc.profile | 2 +- etc/keepass.profile | 2 +- etc/keepassx.profile | 2 +- etc/keepassx2.profile | 2 +- etc/keepassxc.profile | 2 +- etc/kino.profile | 2 +- etc/kmail.profile | 2 +- etc/knotes.profile | 2 +- etc/konversation.profile | 2 +- etc/ktorrent.profile | 2 +- etc/kwrite.profile | 2 +- etc/leafpad.profile | 2 +- etc/less.profile | 4 ++-- etc/libreoffice.profile | 2 +- etc/liferea.profile | 2 +- etc/lollypop.profile | 2 +- etc/luminance-hdr.profile | 2 +- etc/lximage-qt.profile | 2 +- etc/lxmusic.profile | 2 +- etc/lxterminal.profile | 2 +- etc/lynx.profile | 2 +- etc/mate-calc.profile | 2 +- etc/mate-calculator.profile | 9 +++------ etc/mate-color-select.profile | 2 +- etc/mate-dictionary.profile | 2 +- etc/mcabber.profile | 2 +- etc/mediainfo.profile | 2 +- etc/mediathekview.profile | 2 +- etc/meld.profile | 2 +- etc/midori.profile | 2 +- etc/mousepad.profile | 2 +- etc/multimc5.profile | 2 +- etc/mumble.profile | 2 +- etc/mupdf.profile | 3 ++- etc/mupen64plus.profile | 2 +- etc/mutt.profile | 2 +- etc/nautilus.profile | 2 +- etc/nemo.profile | 2 +- etc/netsurf.profile | 2 +- etc/nylas.profile | 2 +- etc/obs.profile | 2 +- etc/odt2txt.profile | 2 +- etc/okular.profile | 2 +- etc/open-invaders.profile | 2 +- etc/openshot.profile | 2 +- etc/orage.profile | 2 +- etc/palemoon.profile | 2 +- etc/parole.profile | 2 +- etc/pcmanfm.profile | 2 +- etc/pdfsam.profile | 2 +- etc/pdftotext.profile | 2 +- etc/peek.profile | 2 +- etc/picard.profile | 2 +- etc/pidgin.profile | 2 +- etc/pingus.profile | 2 +- etc/pithos.profile | 2 +- etc/pix.profile | 2 +- etc/pluma.profile | 2 +- etc/polari.profile | 2 +- etc/psi-plus.profile | 2 +- etc/qbittorrent.profile | 2 +- etc/qemu-launcher.profile | 2 +- etc/qemu-system-x86_64.profile | 2 +- etc/qlipper.profile | 2 +- etc/qpdfview.profile | 2 +- etc/qtox.profile | 2 +- etc/quassel.profile | 2 +- etc/quiterss.profile | 2 +- etc/qupzilla.profile | 2 +- etc/qutebrowser.profile | 2 +- etc/rambox.profile | 2 +- etc/ranger.profile | 2 +- etc/remmina.profile | 2 +- etc/rhythmbox.profile | 2 +- etc/ristretto.profile | 2 +- etc/rtorrent.profile | 2 +- etc/scribus.profile | 2 +- etc/sdat2img.profile | 2 +- etc/seamonkey.profile | 2 +- etc/silentarmy.profile | 2 +- etc/simple-scan.profile | 2 +- etc/simutrans.profile | 2 +- etc/skanlite.profile | 2 +- etc/skype.profile | 2 +- etc/skypeforlinux.profile | 2 +- etc/slack.profile | 2 +- etc/soundconverter.profile | 2 +- etc/spotify.profile | 2 +- etc/sqlitebrowser.profile | 2 +- etc/ssh-agent.profile | 2 +- etc/ssh.profile | 2 +- etc/start-tor-browser.profile | 2 +- etc/steam.profile | 2 +- etc/stellarium.profile | 2 +- etc/strings.profile | 2 +- etc/supertux2.profile | 2 +- etc/synfigstudio.profile | 2 +- etc/tar.profile | 2 +- etc/telegram.profile | 2 +- etc/tracker.profile | 2 +- etc/transmission-cli.profile | 2 +- etc/transmission-gtk.profile | 2 +- etc/transmission-qt.profile | 2 +- etc/transmission-show.profile | 2 +- etc/truecraft.profile | 2 +- etc/tuxguitar.profile | 2 +- etc/uget-gtk.profile | 2 +- etc/unbound.profile | 2 +- etc/unknown-horizons.profile | 2 +- etc/unrar.profile | 2 +- etc/unzip.profile | 2 +- etc/uudeview.profile | 2 +- etc/uzbl-browser.profile | 2 +- etc/viewnior.profile | 2 +- etc/viking.profile | 2 +- etc/vim.profile | 2 +- etc/vivaldi.profile | 2 +- etc/vym.profile | 2 +- etc/w3m.profile | 2 +- etc/warzone2100.profile | 2 +- etc/waterfox.profile | 2 +- etc/weechat.profile | 2 +- etc/wesnoth.profile | 2 +- etc/wget.profile | 2 +- etc/wine.profile | 2 +- etc/wire.profile | 2 +- etc/wireshark.profile | 2 +- etc/xchat.profile | 2 +- etc/xed.profile | 2 +- etc/xfburn.profile | 2 +- etc/xfce4-dict.profile | 2 +- etc/xfce4-notes.profile | 2 +- etc/xiphos.profile | 2 +- etc/xmms.profile | 2 +- etc/xonotic.profile | 2 +- etc/xpdf.profile | 2 +- etc/xplayer.profile | 2 +- etc/xreader.profile | 2 +- etc/xviewer.profile | 2 +- etc/xzdec.profile | 2 +- etc/youtube-dl.profile | 2 +- etc/zathura.profile | 2 +- etc/zoom.profile | 2 +- 284 files changed, 290 insertions(+), 292 deletions(-) (limited to 'etc') diff --git a/etc/0ad.profile b/etc/0ad.profile index e05d4c0ed..56aa8532f 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile @@ -27,6 +27,7 @@ netfilter nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -39,4 +40,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index da4123517..b5956b439 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/7z.profile b/etc/7z.profile index 8e782d11f..1333a8c20 100644 --- a/etc/7z.profile +++ b/etc/7z.profile @@ -12,7 +12,7 @@ ignore noroot net none no3d nosound -nosound +notv novideo shell none tracelog @@ -20,4 +20,3 @@ tracelog private-dev include /etc/firejail/default.profile -notv diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index e0fc13f0c..1db1af9a6 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile @@ -18,10 +18,10 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6,netlink seccomp shell none private-dev private-tmp -notv diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index ddc76fadc..c023f87ee 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile @@ -23,5 +23,5 @@ include /etc/firejail/whitelist-common.inc caps.drop all nonewprivs noroot -seccomp notv +seccomp diff --git a/etc/Thunar.profile b/etc/Thunar.profile index 2e3483b2e..039edc63a 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile @@ -21,9 +21,9 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp shell none tracelog -notv diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index 7af518397..8ea000750 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile @@ -27,6 +27,7 @@ nonewprivs # In noroot mode, Xephyr cannot create a socket in the real /tmp/.X11-unix. # noroot nosound +notv protocol unix seccomp shell none @@ -38,4 +39,3 @@ private private-dev # private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname private-tmp -notv diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 934008110..28102d339 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile @@ -28,6 +28,7 @@ nonewprivs # In noroot mode, Xvfb cannot create a socket in the real /tmp/.X11-unix. #noroot nosound +notv protocol unix seccomp shell none @@ -39,4 +40,3 @@ private private-dev private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname private-tmp -notv diff --git a/etc/abrowser.profile b/etc/abrowser.profile index b30924dbb..ca9e87ff5 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile @@ -39,9 +39,9 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp tracelog # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse -notv diff --git a/etc/akregator.profile b/etc/akregator.profile index fea540566..0e4a7290a 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile @@ -19,6 +19,7 @@ no3d nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/amarok.profile b/etc/amarok.profile index ece667fac..e10cfbefe 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile @@ -16,6 +16,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 # seccomp shell none @@ -24,4 +25,3 @@ shell none private-dev # private-etc none private-tmp -notv diff --git a/etc/android-studio.profile b/etc/android-studio.profile index 65f57a0c7..eee6f3ce8 100644 --- a/etc/android-studio.profile +++ b/etc/android-studio.profile @@ -23,6 +23,7 @@ netfilter nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -32,4 +33,3 @@ private-dev # private-tmp noexec /tmp -notv diff --git a/etc/apktool.profile b/etc/apktool.profile index 8c4204fdd..6e8b9ba53 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -27,4 +28,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/arduino.profile b/etc/arduino.profile index 62320fe5d..8732b8dec 100644 --- a/etc/arduino.profile +++ b/etc/arduino.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/ark.profile b/etc/ark.profile index ccc209e78..45548a566 100644 --- a/etc/ark.profile +++ b/etc/ark.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -27,4 +28,3 @@ shell none private-dev # private-etc private-tmp -notv diff --git a/etc/arm.profile b/etc/arm.profile index b37c5910f..5deb15738 100644 --- a/etc/arm.profile +++ b/etc/arm.profile @@ -24,6 +24,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -38,4 +39,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index 0e7eb4235..74a1e649a 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6,netlink seccomp @@ -25,4 +26,3 @@ shell none private-dev private-tmp -notv diff --git a/etc/atom.profile b/etc/atom.profile index 540c5dfc8..4f144e8b4 100644 --- a/etc/atom.profile +++ b/etc/atom.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6,netlink seccomp @@ -25,4 +26,3 @@ shell none private-dev private-tmp -notv diff --git a/etc/atool.profile b/etc/atool.profile index ed937b07b..30ad86498 100644 --- a/etc/atool.profile +++ b/etc/atool.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ tracelog private-dev private-etc none private-tmp -notv diff --git a/etc/atril.profile b/etc/atril.profile index 1f4b124a8..2a52ba6a7 100644 --- a/etc/atril.profile +++ b/etc/atril.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -27,4 +28,3 @@ tracelog private-bin atril, atril-previewer, atril-thumbnailer private-dev private-tmp -notv diff --git a/etc/audacious.profile b/etc/audacious.profile index bbb1fb6fd..3baa0ddba 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile @@ -17,6 +17,7 @@ caps.drop all netfilter nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -25,4 +26,3 @@ tracelog private-bin audacious private-tmp -notv diff --git a/etc/audacity.profile b/etc/audacity.profile index fb87cf252..5387761e8 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile @@ -18,6 +18,7 @@ no3d nogroups nonewprivs noroot +notv novideo protocol unix seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/aweather.profile b/etc/aweather.profile index 28e63c9ce..2bdf95f0e 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile @@ -22,6 +22,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -31,4 +32,3 @@ tracelog private-bin aweather private-dev private-tmp -notv diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index e2b60e49e..fc55ae1cb 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile @@ -22,6 +22,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix # Baloo makes ioprio_set system calls, which are blacklisted by default. @@ -39,4 +40,3 @@ noexec /tmp # read-only ${HOME} # read-write ${HOME}/.local/share # noexec ${HOME}/.local/share -notv diff --git a/etc/baobab.profile b/etc/baobab.profile index a3644f876..fc05e9e3e 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/bibletime.profile b/etc/bibletime.profile index ec20f3725..d0f76fd1b 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile @@ -28,6 +28,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6,netlink seccomp @@ -38,4 +39,3 @@ tracelog private-dev private-etc fonts,resolv.conf,sword,sword.conf,passwd private-tmp -notv diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index 307a9c47a..5f714ab04 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile @@ -17,6 +17,7 @@ netfilter no3d nonewprivs nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -29,4 +30,3 @@ private-tmp read-write /var/lib/bitlbee noexec /tmp -notv diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index a48b6d8e8..2fc9bf5b1 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -31,4 +32,3 @@ shell none memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/blender.profile b/etc/blender.profile index 557dfb4ac..ec203eaed 100644 --- a/etc/blender.profile +++ b/etc/blender.profile @@ -17,6 +17,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -26,4 +27,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/bless.profile b/etc/bless.profile index 01a6deaf4..6f0fc3f84 100644 --- a/etc/bless.profile +++ b/etc/bless.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/brasero.profile b/etc/brasero.profile index d26c745d6..eff4cba43 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile @@ -17,6 +17,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -31,4 +32,3 @@ tracelog memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/brave.profile b/etc/brave.profile index bfa16d7af..38c9cfed4 100644 --- a/etc/brave.profile +++ b/etc/brave.profile @@ -30,8 +30,8 @@ include /etc/firejail/whitelist-common.inc netfilter # nonewprivs # noroot +notv # protocol unix,inet,inet6,netlink # seccomp # disable-mnt -notv diff --git a/etc/caja.profile b/etc/caja.profile index 293709e14..fb57f5fd8 100644 --- a/etc/caja.profile +++ b/etc/caja.profile @@ -22,6 +22,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix seccomp shell none @@ -32,4 +33,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -notv diff --git a/etc/calibre.profile b/etc/calibre.profile index e2ac57521..1fe2f6c93 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/catfish.profile b/etc/catfish.profile index 21232206e..190a1ba97 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ tracelog # private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m # private-dev # private-tmp -notv diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 676d17db7..d11ea8206 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6,netlink seccomp @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/chromium.profile b/etc/chromium.profile index 580a1643c..8454d3d17 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile @@ -28,6 +28,7 @@ include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin netfilter nogroups +notv shell none private-dev @@ -35,4 +36,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index 7d81b3da7..0af5de283 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile @@ -20,10 +20,10 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none private-dev private-tmp -notv diff --git a/etc/clementine.profile b/etc/clementine.profile index d86a0266f..14437db3e 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile @@ -15,8 +15,8 @@ include /etc/firejail/disable-programs.inc caps.drop all nonewprivs noroot +notv novideo protocol unix,inet,inet6 # Clementine makes ioprio_set system calls, which are blacklisted by default. seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old -notv diff --git a/etc/clipit.profile b/etc/clipit.profile index cb053a318..83b27000d 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/cmus.profile b/etc/cmus.profile index 0deeb9bce..cf0830475 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile @@ -16,10 +16,10 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none private-bin cmus private-etc group -notv diff --git a/etc/conkeror.profile b/etc/conkeror.profile index 931678e82..8d031f8b6 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile @@ -27,6 +27,6 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6 seccomp -notv diff --git a/etc/corebird.profile b/etc/corebird.profile index 58ec38c07..f7810b4ae 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile @@ -14,6 +14,6 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter noroot +notv protocol unix,inet,inet6 seccomp -notv diff --git a/etc/cpio.profile b/etc/cpio.profile index f198ed26f..373e13c7c 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile @@ -20,9 +20,9 @@ net none net none no3d nosound +notv seccomp shell none tracelog private-dev -notv diff --git a/etc/curl.profile b/etc/curl.profile index 25a97c3c3..22c82a106 100644 --- a/etc/curl.profile +++ b/etc/curl.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/cvlc.profile b/etc/cvlc.profile index 68347d12e..04168b7f5 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile @@ -17,6 +17,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -28,4 +29,3 @@ private-dev private-tmp memory-deny-write-execute -notv diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index 20089ec41..eb1ea39e0 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile @@ -55,6 +55,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -68,4 +69,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/darktable.profile b/etc/darktable.profile index 4b7f0d1fd..001f24e7e 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index c6843f27c..3367aa8f4 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile @@ -18,6 +18,7 @@ no3d nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/default.profile b/etc/default.profile index eaefa34e4..066cb1fef 100644 --- a/etc/default.profile +++ b/etc/default.profile @@ -16,13 +16,13 @@ include /etc/firejail/disable-programs.inc caps.drop all # ipc-namespace netfilter +# no3d # nogroups nonewprivs noroot # nosound -# novideo # notv -# no3d +# novideo protocol unix,inet,inet6 seccomp # shell none diff --git a/etc/deluge.profile b/etc/deluge.profile index 6685c88aa..f406fb133 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile @@ -22,6 +22,7 @@ netfilter nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -31,4 +32,3 @@ shell none # private-bin deluge,sh,python,uname private-dev private-tmp -notv diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index afcd23300..a4917b66e 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -28,4 +29,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/dia.profile b/etc/dia.profile index 7f3c17167..4a20aa4da 100644 --- a/etc/dia.profile +++ b/etc/dia.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/digikam.profile b/etc/digikam.profile index 3fff61433..e0906b06c 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile @@ -19,6 +19,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp # seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/dillo.profile b/etc/dillo.profile index 1e2b7ced5..45eda5c91 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile @@ -23,7 +23,7 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6 seccomp tracelog -notv diff --git a/etc/dino.profile b/etc/dino.profile index 34705f498..cfda5de89 100644 --- a/etc/dino.profile +++ b/etc/dino.profile @@ -24,6 +24,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -37,4 +38,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/display.profile b/etc/display.profile index 56cc16698..17dd01fdf 100644 --- a/etc/display.profile +++ b/etc/display.profile @@ -17,6 +17,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -26,4 +27,3 @@ private-bin display private-dev private-etc none private-tmp -notv diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index ddb379bb0..07f089703 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile @@ -15,8 +15,8 @@ include /etc/firejail/disable-programs.inc no3d nosound +notv seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open private private-dev -notv diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index ddf7e8416..84ec9c9e2 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile @@ -18,10 +18,10 @@ netfilter no3d nonewprivs nosound +notv protocol unix,inet,inet6,netlink seccomp disable-mnt private private-dev -notv diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 348f933c5..3db73d712 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile @@ -22,6 +22,7 @@ netfilter nogroups nonewprivs noroot +notv novideo protocol unix seccomp @@ -31,4 +32,3 @@ shell none # private-dev # private-etc # private-tmp -notv diff --git a/etc/dosbox.profile b/etc/dosbox.profile index 540ef6eea..d9a8606de 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile @@ -17,6 +17,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -25,4 +26,3 @@ tracelog private-bin dosbox private-dev private-tmp -notv diff --git a/etc/dragon.profile b/etc/dragon.profile index 7bcef0b44..474911d2f 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile @@ -17,6 +17,7 @@ netfilter nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 37dc196df..4a1e192c7 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile @@ -30,6 +30,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -39,4 +40,3 @@ private-dev private-tmp noexec /tmp -notv diff --git a/etc/electron.profile b/etc/electron.profile index 1c5794af6..6ca67f8bb 100644 --- a/etc/electron.profile +++ b/etc/electron.profile @@ -15,6 +15,6 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp -notv diff --git a/etc/elinks.profile b/etc/elinks.profile index 35b27d015..d162a8c34 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -31,4 +32,3 @@ tracelog private-dev # private-etc none private-tmp -notv diff --git a/etc/emacs.profile b/etc/emacs.profile index e0bc682f4..fbf183f43 100644 --- a/etc/emacs.profile +++ b/etc/emacs.profile @@ -17,6 +17,6 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp -notv diff --git a/etc/empathy.profile b/etc/empathy.profile index f3e6813a1..7a2503d34 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile @@ -15,6 +15,6 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp -notv diff --git a/etc/enchant.profile b/etc/enchant.profile index f5acf432e..35ead9c86 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -27,4 +28,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -notv diff --git a/etc/engrampa.profile b/etc/engrampa.profile index 45d2abcbb..05959e2cd 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile @@ -17,6 +17,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -27,4 +28,3 @@ tracelog private-dev # private-etc fonts # private-tmp -notv diff --git a/etc/eog.profile b/etc/eog.profile index 655763b08..f65f854a8 100644 --- a/etc/eog.profile +++ b/etc/eog.profile @@ -22,6 +22,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -35,4 +36,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/eom.profile b/etc/eom.profile index ba31eaa5d..99f784c52 100644 --- a/etc/eom.profile +++ b/etc/eom.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/epiphany.profile b/etc/epiphany.profile index d1a0c2f53..aec536d42 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile @@ -25,6 +25,6 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter nonewprivs +notv protocol unix,inet,inet6 seccomp -notv diff --git a/etc/etr.profile b/etc/etr.profile index 5676d9ea7..8b079754a 100644 --- a/etc/etr.profile +++ b/etc/etr.profile @@ -20,6 +20,7 @@ net none nogroups nonewprivs noroot +notv protocol unix,netlink seccomp shell none @@ -28,4 +29,3 @@ shell none private-dev # private-etc none private-tmp -notv diff --git a/etc/evince.profile b/etc/evince.profile index aba6a1d5a..23eee6c55 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -34,4 +35,3 @@ private-etc fonts memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/evolution.profile b/etc/evolution.profile index 94cd82ed8..cedbd2a18 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -36,4 +37,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 58c0c9fc7..e743e6b41 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile @@ -24,6 +24,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -33,4 +34,3 @@ tracelog private-dev private-etc none private-tmp -notv diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 27345be2a..e124200fc 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile @@ -17,6 +17,7 @@ netfilter nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -24,4 +25,3 @@ shell none private-bin fbreader,FBReader private-dev private-tmp -notv diff --git a/etc/feh.profile b/etc/feh.profile index 65639b4f7..c0d457ed1 100644 --- a/etc/feh.profile +++ b/etc/feh.profile @@ -17,6 +17,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -25,4 +26,3 @@ private-bin feh private-dev private-etc feh private-tmp -notv diff --git a/etc/file-roller.profile b/etc/file-roller.profile index 9effc7b38..68c0e8602 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -32,4 +33,3 @@ private-dev memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/file.profile b/etc/file.profile index 24f498213..0b34b5b37 100644 --- a/etc/file.profile +++ b/etc/file.profile @@ -19,6 +19,7 @@ no3d nogroups nonewprivs nosound +notv protocol unix seccomp shell none @@ -28,4 +29,3 @@ x11 none private-bin file private-dev private-etc magic.mgc,magic,localtime -notv diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 002eebb8e..53bb0a1a7 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile @@ -17,6 +17,7 @@ netfilter nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -24,4 +25,3 @@ shell none private-bin filezilla,uname,sh,bash,dash,python,lsb_release,fzputtygen,fzsftp private-dev private-tmp -notv diff --git a/etc/firefox.profile b/etc/firefox.profile index e94507c8f..b6d21a158 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -55,6 +55,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -68,4 +69,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 659fe1d43..e9c09e4ba 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile @@ -32,6 +32,6 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp -notv diff --git a/etc/flowblade.profile b/etc/flowblade.profile index d10d3eb7c..a00b1bf5e 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile @@ -18,6 +18,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -27,4 +28,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/fontforge.profile b/etc/fontforge.profile index d22c7310b..001e550e7 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/fossamail.profile b/etc/fossamail.profile index 75766f7d2..a6f07266b 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile @@ -17,5 +17,6 @@ whitelist ~/.fossamail whitelist ~/.gnupg include /etc/firejail/whitelist-common.inc -include /etc/firejail/firefox.profile notv + +include /etc/firejail/firefox.profile diff --git a/etc/franz.profile b/etc/franz.profile index aa200367c..128d88a9a 100644 --- a/etc/franz.profile +++ b/etc/franz.profile @@ -27,6 +27,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -37,4 +38,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index aa52fc264..c66c76c05 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile @@ -20,6 +20,7 @@ net none nogroups nonewprivs noroot +notv protocol unix,netlink seccomp shell none @@ -28,4 +29,3 @@ shell none private-dev # private-etc none private-tmp -notv diff --git a/etc/gajim.profile b/etc/gajim.profile index fead7f6ae..79ff6217a 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile @@ -31,6 +31,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -42,4 +43,3 @@ private-dev # private-tmp # Allow the local python 2.7 site packages, in case any plugins are using these read-only ${HOME}/.local/lib/python2.7/site-packages/ -notv diff --git a/etc/galculator.profile b/etc/galculator.profile index 816a338a7..e6006aded 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile @@ -22,6 +22,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -31,4 +32,3 @@ private-bin galculator private-dev private-etc fonts private-tmp -notv diff --git a/etc/geany.profile b/etc/geany.profile index 88ce48bc1..f5e821d62 100644 --- a/etc/geany.profile +++ b/etc/geany.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -25,4 +26,3 @@ shell none private-dev private-tmp -notv diff --git a/etc/gedit.profile b/etc/gedit.profile index f82077366..a215a0d61 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/geeqie.profile b/etc/geeqie.profile index e33e0b7b1..26636ca64 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -26,4 +27,3 @@ shell none # private-bin geeqie private-dev # private-etc X11 -notv diff --git a/etc/gimp.profile b/etc/gimp.profile index b7b5b03b7..510d2aa0a 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile @@ -17,6 +17,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -28,4 +29,3 @@ private-tmp # if you are not using external plugins, you can enable noexec statement below # noexec ${HOME} noexec /tmp -notv diff --git a/etc/git.profile b/etc/git.profile index 563175307..142edcf1c 100644 --- a/etc/git.profile +++ b/etc/git.profile @@ -27,9 +27,9 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none private-dev -notv diff --git a/etc/gitg.profile b/etc/gitg.profile index a088b3cd8..570ed5a46 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -31,4 +32,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/gitter.profile b/etc/gitter.profile index e54ea88d2..8566f636a 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -25,4 +26,3 @@ shell none private-bin gitter private-dev private-tmp -notv diff --git a/etc/gjs.profile b/etc/gjs.profile index 348ccfe25..5e4bea850 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile @@ -22,6 +22,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -31,4 +32,3 @@ tracelog private-dev # private-etc fonts private-tmp -notv diff --git a/etc/globaltime.profile b/etc/globaltime.profile index d86820d1e..1b16f4171 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index 531660e38..a31602338 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile @@ -21,6 +21,7 @@ netfilter no3d nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 955afe32b..ae8dbb35e 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -34,4 +35,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 874ca5a87..b31ec3371 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -33,4 +34,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 8082fd253..6801a0f49 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index ad77c4f53..411bc8bdc 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile @@ -17,6 +17,7 @@ no3d nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index 3a33a2ae3..7ce444eed 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile @@ -18,6 +18,7 @@ no3d nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index 4168d1b0b..62be67c5e 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index 1427a02ba..06e8f2bd0 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile @@ -17,6 +17,7 @@ no3d nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -27,4 +28,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index 497e3e724..0e3846c05 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -34,4 +35,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index bc0ddc117..d3c61d9b4 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile @@ -18,6 +18,7 @@ no3d nogroups nonewprivs noroot +notv novideo protocol unix seccomp @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index a2e74b9d7..68d1f2617 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile index 42fb81b36..0c325d3f2 100644 --- a/etc/gnome-twitch.profile +++ b/etc/gnome-twitch.profile @@ -23,6 +23,7 @@ caps.drop all nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index d0657a1d1..4d64defcf 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -35,4 +36,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/goobox.profile b/etc/goobox.profile index 7a9157e84..cfd479acc 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile @@ -16,6 +16,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix seccomp shell none @@ -25,4 +26,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -notv diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index 7f07bc959..a0a67883d 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile @@ -26,6 +26,7 @@ include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin netfilter nogroups +notv shell none private-dev @@ -33,4 +34,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index 7dc90faf3..8d5057a5d 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile @@ -26,6 +26,7 @@ include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin netfilter nogroups +notv shell none private-dev @@ -33,4 +34,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 3e539ea71..be016d7e7 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile @@ -26,6 +26,7 @@ include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin netfilter nogroups +notv shell none private-dev @@ -33,4 +34,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index c1af553c3..550d3d63c 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile @@ -23,6 +23,7 @@ no3d nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6,netlink seccomp @@ -34,4 +35,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gpa.profile b/etc/gpa.profile index b55a60e02..c5f767cf8 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -25,4 +26,3 @@ tracelog # private-bin gpa,gpg private-dev -notv diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index f73b21379..c1c6b7686 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -28,4 +29,3 @@ tracelog # private-bin gpg-agent,gpg private-dev -notv diff --git a/etc/gpg.profile b/etc/gpg.profile index 73d7eeaf9..137e37d5f 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -28,4 +29,3 @@ tracelog # private-bin gpg,gpg-agent private-dev -notv diff --git a/etc/gpicview.profile b/etc/gpicview.profile index 32cd56956..ad30915a4 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -27,4 +28,3 @@ private-bin gpicview private-dev private-etc fonts private-tmp -notv diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 4bf4fd78d..8066579d3 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 244fe4d61..4911fbaae 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -27,4 +28,3 @@ tracelog private-bin gthumb private-dev private-tmp -notv diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile index ac0000bd8..7713f216f 100644 --- a/etc/guayadeque.profile +++ b/etc/guayadeque.profile @@ -17,6 +17,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -27,4 +28,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index 75b58178a..cfb014623 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/gwenview.profile b/etc/gwenview.profile index 463bfd9bc..b0a1fc5ef 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile @@ -23,6 +23,7 @@ caps.drop all nogroups nonewprivs noroot +notv novideo protocol unix seccomp @@ -35,4 +36,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/gzip.profile b/etc/gzip.profile index 2c6e521fd..3d0f223f0 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile @@ -12,10 +12,10 @@ ignore noroot net none no3d nosound +notv shell none tracelog private-dev include /etc/firejail/default.profile -notv diff --git a/etc/handbrake.profile b/etc/handbrake.profile index 11d1210ea..2b32abca6 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6,netlink seccomp @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/hashcat.profile b/etc/hashcat.profile index f79b764a9..8f4ddce07 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 80630b6d6..90515b8de 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile @@ -21,10 +21,10 @@ netfilter nogroups nonewprivs noroot +notv seccomp tracelog disable-mnt private-dev private-tmp -notv diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 2befcf1fb..178f384b1 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile @@ -24,6 +24,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -38,4 +39,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/highlight.profile b/etc/highlight.profile index 69027e9af..decba5f6c 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -28,4 +29,3 @@ private-bin highlight private-dev # private-etc none private-tmp -notv diff --git a/etc/hugin.profile b/etc/hugin.profile index 9e6f8525e..5d66ce3db 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/icecat.profile b/etc/icecat.profile index fcce3f931..4829675bb 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile @@ -39,6 +39,7 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp tracelog @@ -47,4 +48,3 @@ tracelog noexec ${HOME} noexec /tmp -notv diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile index 8986e5082..d74386afa 100644 --- a/etc/idea.sh.profile +++ b/etc/idea.sh.profile @@ -23,6 +23,7 @@ netfilter nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -32,4 +33,3 @@ private-dev # private-tmp noexec /tmp -notv diff --git a/etc/img2txt.profile b/etc/img2txt.profile index cfcbdab1b..2d2e686b8 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile @@ -17,6 +17,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -26,4 +27,3 @@ tracelog private-dev # private-etc none private-tmp -notv diff --git a/etc/inkscape.profile b/etc/inkscape.profile index b289a7fbd..7c0fdfc97 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 302389bec..990e1a563 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/jitsi.profile b/etc/jitsi.profile index 5c4e66d7c..5e835b2a3 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile @@ -16,6 +16,7 @@ caps.drop all nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -23,4 +24,3 @@ tracelog disable-mnt private-tmp -notv diff --git a/etc/k3b.profile b/etc/k3b.profile index 79566fbc8..ca190ecb9 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile @@ -19,6 +19,7 @@ no3d nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -28,4 +29,3 @@ tracelog # private-bin # private-etc # private-tmp -notv diff --git a/etc/kate.profile b/etc/kate.profile index 32b27b419..7f44454b7 100644 --- a/etc/kate.profile +++ b/etc/kate.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -33,4 +34,3 @@ tracelog private-dev # private-etc fonts private-tmp -notv diff --git a/etc/kcalc.profile b/etc/kcalc.profile index bf113fd73..8e1239848 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/keepass.profile b/etc/keepass.profile index 558d35086..d925261a2 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile @@ -25,6 +25,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -35,4 +36,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 6397cea8e..cd9d7d0b3 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -36,4 +37,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index def4f24af..dd81311df 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile @@ -22,6 +22,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -34,4 +35,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index 92f033d2d..5c8229b95 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile @@ -22,6 +22,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -35,4 +36,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/kino.profile b/etc/kino.profile index ecb96b73d..240dab8ef 100644 --- a/etc/kino.profile +++ b/etc/kino.profile @@ -18,6 +18,7 @@ netfilter nogroups nonewprivs noroot +notv novideo protocol unix seccomp @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/kmail.profile b/etc/kmail.profile index 9539be64d..180beb2a6 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile @@ -17,10 +17,10 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp tracelog private-dev # private-tmp -notv diff --git a/etc/knotes.profile b/etc/knotes.profile index a05100cf7..e5e449b35 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -27,4 +28,3 @@ tracelog private-dev # private-etc fonts private-tmp -notv diff --git a/etc/konversation.profile b/etc/konversation.profile index 8372c1b6a..926839633 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile @@ -15,8 +15,8 @@ caps.drop all netfilter nogroups noroot +notv protocol unix,inet,inet6 seccomp private-tmp -notv diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index 7256a3627..0c159bb0e 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile @@ -39,6 +39,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -49,4 +50,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/kwrite.profile b/etc/kwrite.profile index ef2d801fd..15113f361 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot # nosound - KWrite is using ALSA! +notv novideo protocol unix seccomp @@ -33,4 +34,3 @@ tracelog private-dev # private-etc fonts private-tmp -notv diff --git a/etc/leafpad.profile b/etc/leafpad.profile index bb3b0113d..4fc549241 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -28,4 +29,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/less.profile b/etc/less.profile index 6259a61b5..e0800891e 100644 --- a/etc/less.profile +++ b/etc/less.profile @@ -12,9 +12,11 @@ ignore noroot net none no3d nosound +notv novideo shell none tracelog +writable-var-log # The user can have a custom coloring scritps configured in ~/.lessfilter. # Enable private-bin if you are not using any filter. @@ -24,7 +26,5 @@ private-dev memory-deny-write-execute noexec ${HOME} noexec /tmp -writable-var-log include /etc/firejail/default.profile -notv diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 3204788c4..584020919 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile @@ -19,6 +19,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -28,4 +29,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/liferea.profile b/etc/liferea.profile index 4c1ec4282..78adac568 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile @@ -29,6 +29,7 @@ nogroups nonewprivs noroot # nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -40,4 +41,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/lollypop.profile b/etc/lollypop.profile index 5b211cf53..587a46353 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile @@ -18,6 +18,7 @@ no3d nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index 230cd9dfb..164b6296f 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 350ad51e6..08c6007ae 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index c99c4d80b..c5db75467 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile @@ -19,6 +19,7 @@ no3d nogroups nonewprivs noroot +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile index 026c9858a..72401bdff 100644 --- a/etc/lxterminal.profile +++ b/etc/lxterminal.profile @@ -13,6 +13,6 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter # noroot - somehow this breaks on Debian Jessie! +notv protocol unix,inet,inet6 seccomp -notv diff --git a/etc/lynx.profile b/etc/lynx.profile index 2df2b88a5..365f6dcdb 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -28,4 +29,3 @@ tracelog private-dev # private-etc none private-tmp -notv diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index 03c6e8b6c..83f4f530f 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/mate-calculator.profile b/etc/mate-calculator.profile index 3fce03aa3..43bb3ebb4 100644 --- a/etc/mate-calculator.profile +++ b/etc/mate-calculator.profile @@ -1,9 +1,6 @@ -# Firejail profile for mate-calculator +# Firejail profile alias for mate-calc # This file is overwritten after every install/update -# Persistent local customizations -include /etc/firejail/mate-calculator.local -# Persistent global definitions -include /etc/firejail/globals.local + # Redirect -include include /etc/firejail/mate-calc.profile +include /etc/firejail/mate-calc.profile diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index ad18883aa..6b41ab005 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index d12129614..dbeb9567b 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/mcabber.profile b/etc/mcabber.profile index f667b87d6..9a4505ab2 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile @@ -18,6 +18,7 @@ netfilter nonewprivs noroot nosound +notv protocol inet,inet6 seccomp shell none @@ -25,4 +26,3 @@ shell none private-bin mcabber private-dev private-etc null -notv diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index b499a8ec4..81840d1b4 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -28,4 +29,3 @@ private-bin mediainfo private-dev private-etc none private-tmp -notv diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index 17c2eb035..b3c239be7 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile @@ -23,6 +23,7 @@ caps.drop all netfilter nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/meld.profile b/etc/meld.profile index 012a6b515..e2c6dd00e 100644 --- a/etc/meld.profile +++ b/etc/meld.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/midori.profile b/etc/midori.profile index 5c35c4bab..6de433ae0 100644 --- a/etc/midori.profile +++ b/etc/midori.profile @@ -37,7 +37,7 @@ caps.drop all netfilter nonewprivs # noroot - problems on Ubuntu 14.04 +notv protocol unix,inet,inet6,netlink seccomp tracelog -notv diff --git a/etc/mousepad.profile b/etc/mousepad.profile index e1eab3759..2725f004c 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -26,4 +27,3 @@ tracelog private-bin mousepad private-dev private-tmp -notv diff --git a/etc/multimc5.profile b/etc/multimc5.profile index 27ca0a7e4..94cf7da86 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile @@ -25,6 +25,7 @@ netfilter nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 # seccomp @@ -36,4 +37,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/mumble.profile b/etc/mumble.profile index 0f9283d66..b4c6ed7cf 100644 --- a/etc/mumble.profile +++ b/etc/mumble.profile @@ -25,6 +25,7 @@ no3d nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -37,4 +38,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 761150754..7d933867f 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile @@ -17,6 +17,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp # seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev @@ -27,6 +28,6 @@ tracelog private-dev private-etc fonts private-tmp + # mupdf will never write anything read-only ${HOME} -notv diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index 980ed522e..b2415acab 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile @@ -24,5 +24,5 @@ caps.drop all net none nonewprivs noroot -seccomp notv +seccomp diff --git a/etc/mutt.profile b/etc/mutt.profile index c5202c9f0..1ce1b7065 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile @@ -42,9 +42,9 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none private-dev -notv diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 577f63b8a..83599c683 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile @@ -23,6 +23,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix seccomp shell none @@ -33,4 +34,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -notv diff --git a/etc/nemo.profile b/etc/nemo.profile index 1df3688a3..29a2cad9d 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -28,4 +29,3 @@ shell none noexec ${HOME} noexec /tmp -notv diff --git a/etc/netsurf.profile b/etc/netsurf.profile index e32b7250f..df2241f3a 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile @@ -23,7 +23,7 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp tracelog -notv diff --git a/etc/nylas.profile b/etc/nylas.profile index 9dda3c303..e9a277e5c 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile @@ -24,9 +24,9 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6,netlink seccomp shell none private-dev -notv diff --git a/etc/obs.profile b/etc/obs.profile index 5aa46b64f..407161de5 100644 --- a/etc/obs.profile +++ b/etc/obs.profile @@ -16,6 +16,7 @@ caps.drop all nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -26,4 +27,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index dd45cf8df..d146dc571 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -29,4 +30,3 @@ private-dev private-etc none private-tmp read-only ${HOME} -notv diff --git a/etc/okular.profile b/etc/okular.profile index 82841aa47..c36b76432 100644 --- a/etc/okular.profile +++ b/etc/okular.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -39,4 +40,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 7eed37c20..8414315ea 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile @@ -20,6 +20,7 @@ net none nogroups nonewprivs noroot +notv protocol unix,netlink seccomp shell none @@ -28,4 +29,3 @@ shell none private-dev # private-etc none private-tmp -notv diff --git a/etc/openshot.profile b/etc/openshot.profile index 24d92cd9f..554bbd40b 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile @@ -18,6 +18,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -27,4 +28,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/orage.profile b/etc/orage.profile index 410d27053..fb29becc5 100644 --- a/etc/orage.profile +++ b/etc/orage.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 6e5d1f720..e21a9a73e 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile @@ -44,6 +44,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -54,4 +55,3 @@ tracelog # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse # private-opt palemoon private-tmp -notv diff --git a/etc/parole.profile b/etc/parole.profile index 60a7cc365..a8ce63e73 100644 --- a/etc/parole.profile +++ b/etc/parole.profile @@ -15,10 +15,10 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none private-bin parole,dbus-launch private-etc passwd,group,fonts -notv diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 0417cebd0..d35d4b369 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile @@ -20,9 +20,9 @@ no3d nonewprivs noroot nosound +notv novideo protocol unix seccomp shell none tracelog -notv diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index 89f830814..8af809e27 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index bf1f2811b..d668f4554 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ private-bin pdftotext private-dev private-etc none private-tmp -notv diff --git a/etc/peek.profile b/etc/peek.profile index e39163b1f..54d7d105d 100644 --- a/etc/peek.profile +++ b/etc/peek.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -31,4 +32,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/picard.profile b/etc/picard.profile index 2fa5dc22d..94a6f8573 100644 --- a/etc/picard.profile +++ b/etc/picard.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 016f1c251..4471bcd87 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile @@ -17,6 +17,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -25,4 +26,3 @@ tracelog private-bin pidgin private-dev private-tmp -notv diff --git a/etc/pingus.profile b/etc/pingus.profile index 981d7e5da..b3078db67 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile @@ -20,6 +20,7 @@ net none nogroups nonewprivs noroot +notv protocol unix,netlink seccomp shell none @@ -28,4 +29,3 @@ shell none private-dev # private-etc none private-tmp -notv diff --git a/etc/pithos.profile b/etc/pithos.profile index 8629853d5..9f60d41d0 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile @@ -18,6 +18,7 @@ no3d nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/pix.profile b/etc/pix.profile index 4d37e3aa6..8062ff322 100644 --- a/etc/pix.profile +++ b/etc/pix.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -28,4 +29,3 @@ tracelog private-bin pix private-dev private-tmp -notv diff --git a/etc/pluma.profile b/etc/pluma.profile index f9682980a..80f9a8e57 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv seccomp shell none tracelog @@ -25,4 +26,3 @@ tracelog private-bin pluma private-dev private-tmp -notv diff --git a/etc/polari.profile b/etc/polari.profile index 278c8765e..b31954ed4 100644 --- a/etc/polari.profile +++ b/etc/polari.profile @@ -31,6 +31,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -42,4 +43,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index b57999bf0..96dbfdfb4 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile @@ -28,6 +28,7 @@ no3d nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -39,4 +40,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 7cd512ca5..3cfbff52e 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -33,6 +33,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6,netlink seccomp # shell none @@ -41,4 +42,3 @@ seccomp private-dev # private-etc X11,fonts,xdg,resolv.conf private-tmp -notv diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile index 96fbf90bd..a80d21129 100644 --- a/etc/qemu-launcher.profile +++ b/etc/qemu-launcher.profile @@ -16,6 +16,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -24,4 +25,3 @@ tracelog private-tmp noexec /tmp -notv diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile index 146588dcc..bec350bc5 100644 --- a/etc/qemu-system-x86_64.profile +++ b/etc/qemu-system-x86_64.profile @@ -15,6 +15,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -23,4 +24,3 @@ tracelog private-tmp noexec /tmp -notv diff --git a/etc/qlipper.profile b/etc/qlipper.profile index 94347c1f6..8e37515ee 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 7e3d32f61..fb34ff788 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -27,4 +28,3 @@ tracelog private-bin qpdfview private-dev private-tmp -notv diff --git a/etc/qtox.profile b/etc/qtox.profile index 78ec984cd..b4c019979 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile @@ -25,6 +25,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -36,4 +37,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/quassel.profile b/etc/quassel.profile index 498556426..897fc1044 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile @@ -14,6 +14,6 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6 seccomp -notv diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 42dceec83..7508365ca 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -32,6 +32,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -44,4 +45,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index 5fd6765f2..35687c51c 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile @@ -21,9 +21,9 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter noroot +notv protocol unix,inet,inet6,netlink seccomp tracelog # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse -notv diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index aa44a0a94..035636d9b 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile @@ -25,7 +25,7 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp tracelog -notv diff --git a/etc/rambox.profile b/etc/rambox.profile index cb859d25e..c66fdb964 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile @@ -24,7 +24,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp # tracelog -notv diff --git a/etc/ranger.profile b/etc/ranger.profile index 34231e3a5..1cc3b07b9 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile @@ -22,8 +22,8 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp private-dev -notv diff --git a/etc/remmina.profile b/etc/remmina.profile index fec723145..b03c0d9de 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile @@ -18,6 +18,7 @@ caps.drop all nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 03d50bf20..bcd72be9a 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile @@ -17,6 +17,7 @@ netfilter nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/ristretto.profile b/etc/ristretto.profile index cf61b2da3..7971c79e6 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 5c57d5bf5..5dcf1fe8d 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile @@ -16,6 +16,7 @@ netfilter nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -23,4 +24,3 @@ shell none private-bin rtorrent private-dev private-tmp -notv diff --git a/etc/scribus.profile b/etc/scribus.profile index b7e0b69e3..f18be4ac8 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile @@ -30,6 +30,7 @@ caps.drop all nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -37,4 +38,3 @@ tracelog private-dev # private-tmp -notv diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index 78e04c9e7..7b13ac772 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -28,4 +29,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index a127774ab..7d35eeb1b 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile @@ -39,9 +39,9 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp tracelog # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse -notv diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index fa8d570b9..bbbd5be10 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile @@ -17,6 +17,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 14c039fe1..9cf150066 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 shell none # seccomp @@ -27,4 +28,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -notv diff --git a/etc/simutrans.profile b/etc/simutrans.profile index 540cbbb97..c2ef90853 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile @@ -20,6 +20,7 @@ net none nogroups nonewprivs noroot +notv protocol unix seccomp shell none @@ -28,4 +29,3 @@ shell none private-dev # private-etc none private-tmp -notv diff --git a/etc/skanlite.profile b/etc/skanlite.profile index 432e3633d..6fccba92c 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile @@ -17,6 +17,7 @@ nogroups nonewprivs noroot nosound +notv # protocol unix,inet,inet6 seccomp shell none @@ -25,4 +26,3 @@ shell none # private-dev # private-etc # private-tmp -notv diff --git a/etc/skype.profile b/etc/skype.profile index 900c77b2c..13bf06aa6 100644 --- a/etc/skype.profile +++ b/etc/skype.profile @@ -17,6 +17,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -27,4 +28,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile index a385d5d13..20632e91b 100644 --- a/etc/skypeforlinux.profile +++ b/etc/skypeforlinux.profile @@ -17,6 +17,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -27,4 +28,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/slack.profile b/etc/slack.profile index 356c0366d..62463ff5c 100644 --- a/etc/slack.profile +++ b/etc/slack.profile @@ -27,6 +27,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -36,4 +37,3 @@ private-bin slack private-dev private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime private-tmp -notv diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index ee9ee4f1d..933c0fc70 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/spotify.profile b/etc/spotify.profile index f75135ac7..8eac3610b 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile @@ -36,6 +36,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -48,4 +49,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index 5b5ed3c61..bfa8cac8b 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -31,4 +32,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index 891b9d0fd..0005f0ecb 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile @@ -21,6 +21,6 @@ netfilter no3d nonewprivs noroot +notv protocol unix,inet,inet6 seccomp -notv diff --git a/etc/ssh.profile b/etc/ssh.profile index 300511a60..3bb115631 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile @@ -22,6 +22,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -33,4 +34,3 @@ private-dev memory-deny-write-execute noexec ${HOME} noexec /tmp -notv diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index 05817d06a..47cceaddd 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile @@ -16,6 +16,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -25,4 +26,3 @@ private-bin bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed private-dev private-etc fonts private-tmp -notv diff --git a/etc/steam.profile b/etc/steam.profile index efd834cdc..ec6ea09cc 100644 --- a/etc/steam.profile +++ b/etc/steam.profile @@ -27,6 +27,7 @@ netfilter nogroups nonewprivs noroot +notv # novideo protocol unix,inet,inet6,netlink seccomp @@ -36,4 +37,3 @@ shell none private-dev private-tmp -notv diff --git a/etc/stellarium.profile b/etc/stellarium.profile index 2b561eff0..eff80393e 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile @@ -25,6 +25,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -34,4 +35,3 @@ disable-mnt private-bin stellarium private-dev private-tmp -notv diff --git a/etc/strings.profile b/etc/strings.profile index 0ef004abe..4bbdcb97e 100644 --- a/etc/strings.profile +++ b/etc/strings.profile @@ -12,6 +12,7 @@ ignore noroot net none no3d nosound +notv novideo shell none tracelog @@ -21,4 +22,3 @@ private-dev memory-deny-write-execute include /etc/firejail/default.profile -notv diff --git a/etc/supertux2.profile b/etc/supertux2.profile index a74c476cb..0a99246cc 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile @@ -20,6 +20,7 @@ net none nogroups nonewprivs noroot +notv protocol unix,netlink seccomp shell none @@ -28,4 +29,3 @@ shell none private-dev # private-etc none private-tmp -notv diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 4a663bf3d..1ec2185f0 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/tar.profile b/etc/tar.profile index d0633d4ff..3fc0e975c 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -13,6 +13,7 @@ ignore noroot net none no3d nosound +notv shell none tracelog @@ -22,4 +23,3 @@ private-dev private-etc passwd,group,localtime include /etc/firejail/default.profile -notv diff --git a/etc/telegram.profile b/etc/telegram.profile index ea30928e6..5257083bc 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile @@ -15,6 +15,7 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6 seccomp @@ -23,4 +24,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/tracker.profile b/etc/tracker.profile index 5ca42fc1c..52929c548 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -30,4 +31,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -notv diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index e7c75e84b..b3a4bbb84 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile @@ -18,6 +18,7 @@ netfilter nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -29,4 +30,3 @@ private-etc none private-tmp memory-deny-write-execute -notv diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index a53e61b73..b8872adfe 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile @@ -25,6 +25,7 @@ netfilter nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -35,4 +36,3 @@ private-dev private-tmp memory-deny-write-execute -notv diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index c4670c52e..083b293e1 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile @@ -25,6 +25,7 @@ netfilter nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -33,4 +34,3 @@ tracelog private-bin transmission-qt private-dev private-tmp -notv diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index ee67b6bb7..ad97b537a 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile @@ -18,6 +18,7 @@ net none nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -27,4 +28,3 @@ tracelog private-dev private-etc none private-tmp -notv diff --git a/etc/truecraft.profile b/etc/truecraft.profile index a177ca7e3..186f6c7f7 100644 --- a/etc/truecraft.profile +++ b/etc/truecraft.profile @@ -23,6 +23,7 @@ caps.drop all nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -34,4 +35,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index df46cc698..5f64095f0 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile @@ -17,6 +17,7 @@ caps.drop all no3d nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -27,4 +28,3 @@ private-tmp # noexec ${HOME} - tuxguitar may fail to launch noexec /tmp -notv diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index eaf03bed7..a9c332799 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile @@ -21,6 +21,7 @@ netfilter nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -28,4 +29,3 @@ shell none private-bin uget-gtk private-dev private-tmp -notv diff --git a/etc/unbound.profile b/etc/unbound.profile index debba08fc..0e5539764 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile @@ -15,8 +15,8 @@ include /etc/firejail/disable-programs.inc no3d nosound +notv seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open private private-dev -notv diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index e211b5e4d..db768b883 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile @@ -19,6 +19,7 @@ caps.drop all nogroups nonewprivs noroot +notv protocol unix,netlink,inet,inet6 seccomp shell none @@ -27,4 +28,3 @@ shell none private-dev # private-etc none private-tmp -notv diff --git a/etc/unrar.profile b/etc/unrar.profile index 455ce8369..37227e5d3 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile @@ -13,6 +13,7 @@ ignore noroot net none no3d nosound +notv shell none tracelog @@ -22,4 +23,3 @@ private-etc passwd,group,localtime private-tmp include /etc/firejail/default.profile -notv diff --git a/etc/unzip.profile b/etc/unzip.profile index 57d0c7898..8a0a79bf8 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile @@ -13,6 +13,7 @@ ignore noroot net none no3d nosound +notv shell none tracelog @@ -21,4 +22,3 @@ private-dev private-etc passwd,group,localtime include /etc/firejail/default.profile -notv diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 69fd43e4f..3f86a43f2 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile @@ -11,6 +11,7 @@ hostname uudeview ignore noroot net none nosound +notv shell none tracelog @@ -19,4 +20,3 @@ private-dev private-etc ld.so.preload include /etc/firejail/default.profile -notv diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index 7bc6bee28..d8eba6c7d 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile @@ -27,7 +27,7 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6 seccomp tracelog -notv diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 25ac611e6..5f6b9848d 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -32,4 +33,3 @@ private-bin viewnior private-dev private-etc fonts private-tmp -notv diff --git a/etc/viking.profile b/etc/viking.profile index fd9744bc0..331a759c4 100644 --- a/etc/viking.profile +++ b/etc/viking.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/vim.profile b/etc/vim.profile index 169026166..adbcef008 100644 --- a/etc/vim.profile +++ b/etc/vim.profile @@ -18,6 +18,6 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp -notv diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 366374b55..816548bc7 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile @@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin netfilter nogroups +notv shell none private-dev @@ -29,4 +30,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/vym.profile b/etc/vym.profile index d648082ab..c81bc580a 100644 --- a/etc/vym.profile +++ b/etc/vym.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/w3m.profile b/etc/w3m.profile index 2401416a4..f7f7d30b2 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -30,4 +31,3 @@ tracelog private-dev private-etc none private-tmp -notv diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 1485b0316..c40114b24 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile @@ -23,6 +23,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -32,4 +33,3 @@ disable-mnt private-bin warzone2100 private-dev private-tmp -notv diff --git a/etc/waterfox.profile b/etc/waterfox.profile index 541e8f350..af5ce150d 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile @@ -55,6 +55,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -68,4 +69,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/weechat.profile b/etc/weechat.profile index 9dd1ea3a9..7a2c46cd1 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile @@ -14,10 +14,10 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6 seccomp # no private-bin support for various reasons: # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins -notv diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 1236044e2..4796b792e 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile @@ -25,9 +25,9 @@ include /etc/firejail/whitelist-common.inc caps.drop all nonewprivs noroot +notv protocol unix,inet,inet6 seccomp private-dev private-tmp -notv diff --git a/etc/wget.profile b/etc/wget.profile index a93ae0627..553e03c33 100644 --- a/etc/wget.profile +++ b/etc/wget.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -33,4 +34,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/wine.profile b/etc/wine.profile index 44abb173a..0f7c48837 100644 --- a/etc/wine.profile +++ b/etc/wine.profile @@ -20,5 +20,5 @@ netfilter nogroups nonewprivs noroot -seccomp notv +seccomp diff --git a/etc/wire.profile b/etc/wire.profile index 74b72ea48..d1aba549d 100644 --- a/etc/wire.profile +++ b/etc/wire.profile @@ -21,6 +21,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6,netlink seccomp shell none @@ -28,4 +29,3 @@ shell none disable-mnt private-dev private-tmp -notv diff --git a/etc/wireshark.profile b/etc/wireshark.profile index be2d38126..d6b8ba23c 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile @@ -19,6 +19,7 @@ no3d # nonewprivs - breaks unprivileged wireshark usage # noroot nosound +notv # protocol unix,inet,inet6,netlink # seccomp - breaks unprivileged wireshark usage shell none @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/xchat.profile b/etc/xchat.profile index 2cf9faf62..3297b24fc 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile @@ -14,8 +14,8 @@ include /etc/firejail/disable-programs.inc caps.drop all nonewprivs noroot +notv protocol unix,inet,inet6 seccomp # private-bin requires perl, python, etc. -notv diff --git a/etc/xed.profile b/etc/xed.profile index eac7d0346..29c35c08c 100644 --- a/etc/xed.profile +++ b/etc/xed.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv seccomp shell none tracelog @@ -25,4 +26,3 @@ tracelog private-bin xed private-dev private-tmp -notv diff --git a/etc/xfburn.profile b/etc/xfburn.profile index 7be9c69de..0f94698f2 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile @@ -18,6 +18,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -27,4 +28,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -notv diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile index 020965840..aea5aa80a 100644 --- a/etc/xfce4-dict.profile +++ b/etc/xfce4-dict.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index dec1accf3..302b26c5e 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 82a55e30f..eae4e338d 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix,inet,inet6 seccomp shell none @@ -35,4 +36,3 @@ private-bin xiphos private-dev private-etc fonts,resolv.conf,sword private-tmp -notv diff --git a/etc/xmms.profile b/etc/xmms.profile index b99c2d847..d2e6eddac 100644 --- a/etc/xmms.profile +++ b/etc/xmms.profile @@ -17,10 +17,10 @@ netfilter no3d nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none private-bin xmms private-dev -notv diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 2ff75f9f5..5275e4a09 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile @@ -21,6 +21,7 @@ netfilter nogroups nonewprivs noroot +notv novideo protocol unix,inet,inet6 seccomp @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/xpdf.profile b/etc/xpdf.profile index 2672edfbe..ab2b33455 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix seccomp @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/xplayer.profile b/etc/xplayer.profile index d887984e1..0722768d1 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile @@ -18,6 +18,7 @@ netfilter nogroups nonewprivs noroot +notv protocol unix,inet,inet6 seccomp shell none @@ -26,4 +27,3 @@ tracelog private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer private-dev private-tmp -notv diff --git a/etc/xreader.profile b/etc/xreader.profile index 15226a4d0..cb5ad1ee6 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -27,4 +28,3 @@ tracelog private-bin xreader, xreader-previewer, xreader-thumbnailer private-dev private-tmp -notv diff --git a/etc/xviewer.profile b/etc/xviewer.profile index e4cb200d1..6fa286937 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -notv diff --git a/etc/xzdec.profile b/etc/xzdec.profile index 4481e2ee5..c7d3ebac3 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile @@ -12,10 +12,10 @@ ignore noroot net none no3d nosound +notv shell none tracelog private-dev include /etc/firejail/default.profile -notv diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 39b4277c9..3e99add9c 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot nosound +notv novideo protocol unix,inet,inet6 seccomp @@ -31,4 +32,3 @@ private-dev noexec ${HOME} noexec /tmp -notv diff --git a/etc/zathura.profile b/etc/zathura.profile index 523d8ba1f..f495e1973 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +notv protocol unix seccomp shell none @@ -29,4 +30,3 @@ private-etc fonts private-tmp read-only ~/ read-write ~/.local/share/zathura/ -notv diff --git a/etc/zoom.profile b/etc/zoom.profile index 861c31982..8f52f2f7f 100644 --- a/etc/zoom.profile +++ b/etc/zoom.profile @@ -20,8 +20,8 @@ caps.drop all netfilter nonewprivs noroot +notv protocol unix,inet,inet6 seccomp private-tmp -notv -- cgit v1.2.3-54-g00ecf