From 569149a46e88924fa11b107d905cdc6b889934c3 Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Mon, 26 Aug 2019 09:59:10 +0200 Subject: Use new seccomp syntax from #2926 in more profiles --- etc/akonadi_control.profile | 2 +- etc/baloo_file.profile | 2 +- etc/brackets.profile | 2 +- etc/clementine.profile | 2 +- etc/kmail.profile | 2 +- etc/mpd.profile | 2 +- etc/qgis.profile | 2 +- etc/simple-scan.profile | 2 +- etc/skanlite.profile | 2 +- etc/standardnotes-desktop.profile | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) (limited to 'etc') diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile index 904c784c6..ffc613f1e 100644 --- a/etc/akonadi_control.profile +++ b/etc/akonadi_control.profile @@ -47,7 +47,7 @@ notv nou2f novideo # protocol unix,inet,inet6,netlink -# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice +# seccomp !io_getevents,!io_setup,!io_submit,!ioprio_set tracelog private-dev diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index f46987cc7..6f7638fa3 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile @@ -39,7 +39,7 @@ nou2f novideo protocol unix # blacklisting of ioprio_set system calls breaks baloo_file -seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice +seccomp !ioprio_set shell none # x11 xorg diff --git a/etc/brackets.profile b/etc/brackets.profile index b7d560bbc..13a3bef79 100644 --- a/etc/brackets.profile +++ b/etc/brackets.profile 
@@ -27,7 +27,7 @@ notv nou2f novideo protocol unix,inet,inet6,netlink -seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice +seccomp !chroot,!ioperm shell none private-cache diff --git a/etc/clementine.profile b/etc/clementine.profile index 147b0de4b..4d92157d0 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile @@ -27,7 +27,7 @@ nou2f novideo protocol unix,inet,inet6 # blacklisting of ioprio_set system calls breaks clementine -seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice +seccomp !ioprio_set private-dev private-tmp diff --git a/etc/kmail.profile b/etc/kmail.profile index 0b602c79a..e174cf2bf 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile @@ -51,7 +51,7 @@ nou2f novideo protocol unix,inet,inet6,netlink # we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls -seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice +seccomp !chroot,!io_getevents,!io_submit,!io_submit,!ioprio_set # tracelog private-dev 
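Review bot: The new `seccomp !chroot,!ioperm` line in etc/brackets.profile has no comment saying why these two calls are exempted, unlike the kmail, simple-scan and skanlite hunks, which each have one above the seccomp line. The removed seccomp.drop list shows where the exemptions come from: it contains neither `chroot` nor `ioperm`, although it lists the other raw-I/O calls (`iopl`, `pciconfig_*`). `ioperm` is a port-I/O call, so a later reader will want that rationale on record. I would add `# chroot and ioperm were not dropped by the old seccomp.drop list; keep them allowed` above the line, or drop `!ioperm` if brackets turns out not to need it.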
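Review bot: The new kmail line `seccomp !chroot,!io_getevents,!io_submit,!io_submit,!ioprio_set` lists `!io_submit` twice and never exempts `io_setup`. The comment directly above names five calls to allow (chroot, io_getevents, ioprio_set, io_setup, io_submit), and the removed seccomp.drop list did not drop `io_setup`. If the default list blocks `io_setup`, as the `!io_setup` exemption in the akonadi_control hunk suggests, kmail's async I/O setup would now be denied. The line should read `seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set`.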
diff --git a/etc/mpd.profile b/etc/mpd.profile index 0b5ebf705..6c5963793 100644 --- a/etc/mpd.profile +++ b/etc/mpd.profile @@ -31,7 +31,7 @@ novideo protocol unix,inet,inet6 # blacklisting of ioprio_set system calls breaks auto-updating of # MPD's database when files in music_directory are changed -seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice +seccomp !ioprio_set shell none #private-bin bash,mpd diff --git a/etc/qgis.profile b/etc/qgis.profile index 80a10efce..88ed0cd81 100644 --- a/etc/qgis.profile +++ b/etc/qgis.profile @@ -45,7 +45,7 @@ notv nou2f novideo # blacklisting of mbind system calls breaks old version -seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,migrate_pages,mincore,move_pages,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,set_mempolicy,syslog,umount,userfaultfd,vmsplice +seccomp !mbind protocol unix,inet,inet6,netlink shell none tracelog diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 64441483d..a0c9e8303 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile 
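Review bot: In etc/qgis.profile the switch to `seccomp !mbind` looks like more than a syntax change. The removed seccomp.drop list did not contain `personality`, `process_vm_readv` or `ptrace`, which the other removed lists on this page (mpd, clementine, kmail) do contain. If the default list blocks them, these three calls are newly denied for qgis. The same applies to the etc/standardnotes-desktop.profile hunk, whose old list also omitted them and whose new line is `seccomp !chroot`. The tightening is welcome from a hardening standpoint, but it is worth confirming both applications still start and recording it, for example with `# personality, process_vm_readv and ptrace are now blocked too (not dropped before the switch to the default list)`.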
@@ -27,7 +27,7 @@ notv # novideo protocol unix,inet,inet6,netlink # blacklisting of ioperm system calls breaks simple-scan -seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice +seccomp !ioperm shell none tracelog diff --git a/etc/skanlite.profile b/etc/skanlite.profile index c10be717b..6f9bfd201 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile @@ -27,7 +27,7 @@ notv # novideo protocol unix,inet,inet6,netlink # blacklisting of ioperm system calls breaks skanlite -seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice +seccomp !ioperm shell none # private-bin kbuildsycoca4,kdeinit4,skanlite diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile index 5703f932a..aa6902854 100644 --- a/etc/standardnotes-desktop.profile +++ b/etc/standardnotes-desktop.profile 
@@ -34,7 +34,7 @@ nosound notv nou2f protocol unix,inet,inet6,netlink -seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mincore,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pivot_root,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice +seccomp !chroot disable-mnt private-dev -- cgit v1.2.3-54-g00ecf