From 83ddb3e5b276613ad2be190cebf74401daebef03 Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Sun, 17 Feb 2019 12:09:02 -0600 Subject: Add alternatives to private-etc for profiles in etc/ See discussion in #2399 --- etc/QMediathekView.profile | 2 +- etc/QOwnNotes.profile | 2 +- etc/Xephyr.profile | 2 +- etc/Xvfb.profile | 2 +- etc/abrowser.profile | 2 +- etc/amarok.profile | 2 +- etc/ardour5.profile | 2 +- etc/aria2c.profile | 2 +- etc/ark.profile | 2 +- etc/arm.profile | 2 +- etc/artha.profile | 2 +- etc/atool.profile | 2 +- etc/atril.profile | 2 +- etc/authenticator.profile | 2 +- etc/basilisk.profile | 2 +- etc/bibletime.profile | 2 +- etc/bitcoin-qt.profile | 2 +- etc/bless.profile | 2 +- etc/brasero.profile | 2 +- etc/bsdtar.profile | 2 +- etc/caja.profile | 2 +- etc/clawsker.profile | 2 +- etc/cliqz.profile | 2 +- etc/cmus.profile | 2 +- etc/crow.profile | 2 +- etc/curl.profile | 2 +- etc/cyberfox.profile | 2 +- etc/default.profile | 2 +- etc/devilspie.profile | 2 +- etc/devilspie2.profile | 2 +- etc/dig.profile | 2 +- etc/digikam.profile | 2 +- etc/dino.profile | 2 +- etc/discord-common.profile | 2 +- etc/display.profile | 2 +- etc/easystroke.profile | 2 +- etc/electrum.profile | 2 +- etc/elinks.profile | 2 +- etc/enchant.profile | 2 +- etc/engrampa.profile | 2 +- etc/eog.profile | 2 +- etc/eom.profile | 2 +- etc/etr.profile | 2 +- etc/evince.profile | 2 +- etc/exiftool.profile | 2 +- etc/feh.profile | 2 +- etc/file-roller.profile | 2 +- etc/file.profile | 2 +- etc/firefox-common-addons.inc | 2 +- etc/firefox-common.profile | 2 +- etc/firefox.profile | 2 +- etc/flameshot.profile | 2 +- etc/frozen-bubble.profile | 2 +- etc/gajim.profile | 2 +- etc/galculator.profile | 2 +- etc/gcloud.profile | 2 +- etc/gedit.profile | 2 +- etc/geeqie.profile | 2 +- etc/ghostwriter.profile | 2 +- etc/github-desktop.profile | 2 +- etc/gitter.profile | 2 +- etc/gjs.profile | 2 +- etc/gnome-books.profile | 2 +- etc/gnome-chess.profile | 2 +- etc/gnome-clocks.profile | 2 +- etc/gnome-logs.profile | 2 +- etc/gnome-maps.profile | 2 +- etc/gnome-music.profile | 2 +- etc/gnome-photos.profile | 2 +- etc/gnome-pie.profile | 2 +- etc/gnome-recipes.profile | 2 +- etc/gnome-weather.profile | 2 +- etc/goobox.profile | 2 +- etc/gpicview.profile | 2 +- etc/gpredict.profile | 2 +- etc/gradio.profile | 2 +- etc/gwenview.profile | 2 +- etc/highlight.profile | 2 +- etc/icecat.profile | 2 +- etc/iceweasel.profile | 2 +- etc/img2txt.profile | 2 +- etc/kate.profile | 2 +- etc/keepassx.profile | 2 +- etc/keepassxc.profile | 2 +- etc/klavaro.profile | 2 +- etc/kwin_x11.profile | 2 +- etc/kwrite.profile | 2 +- etc/lollypop.profile | 2 +- etc/lynx.profile | 2 +- etc/masterpdfeditor.profile | 2 +- etc/mate-calc.profile | 2 +- etc/mate-color-select.profile | 2 +- etc/mate-dictionary.profile | 2 +- etc/mcabber.profile | 2 +- etc/mediainfo.profile | 2 +- etc/min.profile | 2 +- etc/minetest.profile | 2 +- etc/ms-office.profile | 2 +- etc/mupdf.profile | 2 +- etc/musixmatch.profile | 4 ++-- etc/mypaint.profile | 2 +- etc/nautilus.profile | 2 +- etc/nitroshare.profile | 2 +- etc/nyx.profile | 2 +- etc/ocenaudio.profile | 2 +- etc/odt2txt.profile | 2 +- etc/open-invaders.profile | 2 +- etc/palemoon.profile | 2 +- etc/parole.profile | 2 +- etc/pdfchain.profile | 2 +- etc/pdftotext.profile | 2 +- etc/ping.profile | 2 +- etc/pingus.profile | 2 +- etc/pluma.profile | 2 +- etc/ppsspp.profile | 2 +- etc/pybitmessage.profile | 2 +- etc/pycharm-community.profile | 2 +- etc/qbittorrent.profile | 2 +- etc/qtox.profile | 2 +- etc/quiterss.profile | 2 +- etc/qupzilla.profile | 2 +- etc/ricochet.profile | 2 +- etc/seamonkey.profile | 2 +- etc/server.profile | 2 +- etc/simple-scan.profile | 2 +- etc/simutrans.profile | 2 +- etc/slack.profile | 2 +- etc/spotify.profile | 2 +- etc/standardnotes-desktop.profile | 2 +- etc/start-tor-browser.profile | 2 +- etc/steam.profile | 2 +- etc/strings.profile | 2 +- etc/supertux2.profile | 2 +- etc/supertuxkart.profile | 2 +- etc/surf.profile | 2 +- etc/tar.profile | 2 +- etc/terasology.profile | 2 +- etc/tilp.profile | 2 +- etc/tor.profile | 2 +- etc/torbrowser-launcher.profile | 2 +- etc/totem.profile | 2 +- etc/tracker.profile | 2 +- etc/transmission-cli.profile | 2 +- etc/transmission-show.profile | 2 +- etc/unknown-horizons.profile | 2 +- etc/unrar.profile | 2 +- etc/unzip.profile | 2 +- etc/uudeview.profile | 2 +- etc/viewnior.profile | 2 +- etc/w3m.profile | 2 +- etc/waterfox.profile | 2 +- etc/wget.profile | 2 +- etc/whois.profile | 2 +- etc/wire-desktop.profile | 2 +- etc/wireshark.profile | 2 +- etc/xed.profile | 2 +- etc/xfburn.profile | 2 +- etc/xiphos.profile | 2 +- etc/xmr-stak.profile | 2 +- etc/xonotic.profile | 2 +- etc/xplayer.profile | 2 +- etc/xpra.profile | 2 +- etc/xreader.profile | 2 +- etc/xviewer.profile | 2 +- etc/zathura.profile | 2 +- 165 files changed, 166 insertions(+), 166 deletions(-) (limited to 'etc') diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile index d988fd41a..69dfbecfe 100644 --- a/etc/QMediathekView.profile +++ b/etc/QMediathekView.profile @@ -47,7 +47,7 @@ disable-mnt private-bin QMediathekView,mplayer,mpv,smplayer,totem,vlc,xplayer private-cache private-dev -# private-etc none +# private-etc alternatives # private-lib private-tmp diff --git a/etc/QOwnNotes.profile b/etc/QOwnNotes.profile index 1135b850b..f63a8b9ef 100644 --- a/etc/QOwnNotes.profile +++ b/etc/QOwnNotes.profile @@ -49,7 +49,7 @@ tracelog disable-mnt private-bin QOwnNotes,gio private-dev -private-etc fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index a95c8989a..d9b7f8c26 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile @@ -39,5 +39,5 @@ private # private-bin Xephyr,sh,xkbcomp # private-bin Xephyr,sh,xkbcomp,strace,bash,cat,ls private-dev -# private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname +# private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname private-tmp diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 967946a6c..ed07485d6 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile @@ -41,5 +41,5 @@ private # private-bin Xvfb,sh,xkbcomp # private-bin Xvfb,sh,xkbcomp,strace,bash,cat,ls private-dev -private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname +private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname private-tmp diff --git a/etc/abrowser.profile b/etc/abrowser.profile index 010247c6b..b88d7b5f4 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile @@ -14,7 +14,7 @@ whitelist ${HOME}/.cache/mozilla/abrowser whitelist ${HOME}/.mozilla # private-etc must first be enabled in firefox-common.profile -#private-etc abrowser +#private-etc abrowser, alternatives # Redirect diff --git a/etc/amarok.profile b/etc/amarok.profile index 6f2e6b3cc..6cec3befc 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile @@ -31,5 +31,5 @@ shell none # private-bin amarok private-dev -# private-etc machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies private-tmp diff --git a/etc/ardour5.profile b/etc/ardour5.profile index 3c207b5b3..377ce0a2c 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile @@ -36,7 +36,7 @@ shell none #private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm private-cache private-dev -#private-etc pulse,X11,alternatives,ardour4,ardour5,fonts,machine-id,asound.conf +#private-etc alternatives,pulse,X11,alternatives,ardour4,ardour5,fonts,machine-id,asound.conf private-tmp noexec ${HOME} diff --git a/etc/aria2c.profile b/etc/aria2c.profile index 3015349b7..56ed081e6 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile @@ -37,7 +37,7 @@ disable-mnt private-bin aria2c,gzip private-cache private-dev -private-etc ca-certificates,ssl +private-etc alternatives,ca-certificates,ssl private-lib libreadline.so.* private-tmp diff --git a/etc/ark.profile b/etc/ark.profile index 37211682c..b60674f95 100644 --- a/etc/ark.profile +++ b/etc/ark.profile @@ -34,7 +34,7 @@ seccomp shell none private-bin ark,unrar,rar,unzip,zip,zipinfo,7z,p7zip,unar,lsar,lrzip,lzop,lz4,bash,sh,tclsh -#private-etc smb.conf,samba,mtab,fonts,drirc,kde5rc,passwd,group,xdg +#private-etc alternatives,smb.conf,samba,mtab,fonts,drirc,kde5rc,passwd,group,xdg private-dev private-tmp diff --git a/etc/arm.profile b/etc/arm.profile index 288dd972a..217b61d09 100644 --- a/etc/arm.profile +++ b/etc/arm.profile @@ -44,7 +44,7 @@ tracelog disable-mnt private-bin arm,tor,sh,bash,python*,ps,lsof,ldconfig private-dev -private-etc tor,passwd,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/artha.profile b/etc/artha.profile index 7b0c6735b..431fc3ed1 100644 --- a/etc/artha.profile +++ b/etc/artha.profile @@ -37,7 +37,7 @@ disable-mnt private-bin artha,enchant,notify-send private-cache private-dev -private-etc fonts +private-etc alternatives,fonts private-lib libnotify.so.* private-tmp diff --git a/etc/atool.profile b/etc/atool.profile index d5daeabbe..c82108cef 100644 --- a/etc/atool.profile +++ b/etc/atool.profile @@ -43,5 +43,5 @@ private-cache # private-bin atool private-dev # without login.defs atool complains and uses UID/GID 1000 by default -private-etc passwd,group,login.defs +private-etc alternatives,passwd,group,login.defs private-tmp diff --git a/etc/atril.profile b/etc/atril.profile index 92fae21d4..aca945ba3 100644 --- a/etc/atril.profile +++ b/etc/atril.profile @@ -41,7 +41,7 @@ tracelog private-bin atril, atril-previewer, atril-thumbnailer private-dev -private-etc fonts,ld.so.cache +private-etc alternatives,fonts,ld.so.cache # atril uses webkit gtk to display epub files # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0 #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit diff --git a/etc/authenticator.profile b/etc/authenticator.profile index 9656bb3d7..fc86001be 100644 --- a/etc/authenticator.profile +++ b/etc/authenticator.profile @@ -40,7 +40,7 @@ disable-mnt # private-bin authenticator private-cache private-dev -private-etc fonts,ld.so.cache +private-etc alternatives,fonts,ld.so.cache # private-lib private-tmp diff --git a/etc/basilisk.profile b/etc/basilisk.profile index 5f9fc8ef7..21daebaac 100644 --- a/etc/basilisk.profile +++ b/etc/basilisk.profile @@ -20,7 +20,7 @@ seccomp #private-bin basilisk # private-etc must first be enabled in firefox-common.profile -#private-etc basilisk +#private-etc alternatives,basilisk #private-opt basilisk # Redirect diff --git a/etc/bibletime.profile b/etc/bibletime.profile index 07cb889e4..6e40054f7 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile @@ -44,5 +44,5 @@ shell none # private-bin bibletime,qt5ct private-dev -private-etc fonts,resolv.conf,sword,sword.conf,passwd,machine-id,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,fonts,resolv.conf,sword,sword.conf,passwd,machine-id,ca-certificates,ssl,pki,crypto-policies private-tmp diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile index 46ce0775b..def292118 100644 --- a/etc/bitcoin-qt.profile +++ b/etc/bitcoin-qt.profile @@ -42,7 +42,7 @@ tracelog private-bin bitcoin-qt private-dev # Causes problem with loading of libGL.so -#private-etc fonts,ca-certificates,ssl,pki,crypto-policies +#private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies # Works, but QT complains about OpenSSL a bit. #private-lib private-tmp diff --git a/etc/bless.profile b/etc/bless.profile index cc03107a5..8315f4563 100644 --- a/etc/bless.profile +++ b/etc/bless.profile @@ -35,7 +35,7 @@ shell none # private-bin bless,sh,bash,mono private-cache private-dev -private-etc fonts,mono +private-etc alternatives,fonts,mono private-tmp noexec ${HOME} diff --git a/etc/brasero.profile b/etc/brasero.profile index 8ab9472ac..5021db254 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile @@ -30,7 +30,7 @@ tracelog # private-bin brasero private-cache # private-dev -# private-etc fonts +# private-etc alternatives,fonts # private-tmp memory-deny-write-execute diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile index f6864386e..9e45b1fd6 100644 --- a/etc/bsdtar.profile +++ b/etc/bsdtar.profile @@ -37,4 +37,4 @@ tracelog # support compressed archives private-bin sh,bash,bsdcat,bsdcpio,bsdtar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,lz4,libarchive private-dev -private-etc passwd,group,localtime +private-etc alternatives,passwd,group,localtime diff --git a/etc/caja.profile b/etc/caja.profile index f938792cd..49516de8c 100644 --- a/etc/caja.profile +++ b/etc/caja.profile @@ -41,5 +41,5 @@ tracelog # caja needs to be able to start arbitrary applications so we cannot blacklist their files # private-bin caja # private-dev -# private-etc fonts +# private-etc alternatives,fonts # private-tmp diff --git a/etc/clawsker.profile b/etc/clawsker.profile index e863a6a45..d50882c75 100644 --- a/etc/clawsker.profile +++ b/etc/clawsker.profile @@ -44,7 +44,7 @@ shell none private-bin clawsker,perl private-cache private-dev -private-etc fonts +private-etc alternatives,fonts private-lib girepository-1.*,libgirepository-1.*,perl* private-tmp diff --git a/etc/cliqz.profile b/etc/cliqz.profile index d0b8cc0ef..b1e4ea613 100644 --- a/etc/cliqz.profile +++ b/etc/cliqz.profile @@ -17,7 +17,7 @@ whitelist ${HOME}/.cliqz whitelist ${HOME}/.config/cliqz # private-etc must first be enabled in firefox-common.profile -#private-etc cliqz +#private-etc alternatives,cliqz # Redirect include firefox-common.profile diff --git a/etc/cmus.profile b/etc/cmus.profile index ee6600b76..e602c4e2a 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile @@ -27,4 +27,4 @@ seccomp shell none private-bin cmus -private-etc group,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,group,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies diff --git a/etc/crow.profile b/etc/crow.profile index c016717be..93f71cef8 100644 --- a/etc/crow.profile +++ b/etc/crow.profile @@ -37,7 +37,7 @@ shell none disable-mnt private-bin crow private-dev -private-etc ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies +private-etc alternatives,ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies private-opt none private-tmp private-srv none diff --git a/etc/curl.profile b/etc/curl.profile index d20e00740..1783f1337 100644 --- a/etc/curl.profile +++ b/etc/curl.profile @@ -33,7 +33,7 @@ shell none # private-bin curl private-cache private-dev -# private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index fcb448b30..147791d26 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile @@ -15,7 +15,7 @@ whitelist ${HOME}/.cache/8pecxstudios # private-bin cyberfox,which,sh,dbus-launch,dbus-send,env # private-etc must first be enabled in firefox-common.profile -#private-etc cyberfox +#private-etc alternatives,cyberfox # Redirect include firefox-common.profile diff --git a/etc/default.profile b/etc/default.profile index 14ea0ae17..917e42287 100644 --- a/etc/default.profile +++ b/etc/default.profile @@ -37,7 +37,7 @@ seccomp # private-bin program # private-cache # private-dev -# private-etc none +# private-etc alternatives # private-lib # private-tmp diff --git a/etc/devilspie.profile b/etc/devilspie.profile index b3558a038..a809bee0c 100644 --- a/etc/devilspie.profile +++ b/etc/devilspie.profile @@ -37,7 +37,7 @@ disable-mnt private-bin devilspie private-cache private-dev -private-etc none +private-etc alternatives private-lib gconv private-tmp diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile index 4ab2634e8..d8c10413b 100644 --- a/etc/devilspie2.profile +++ b/etc/devilspie2.profile @@ -37,7 +37,7 @@ disable-mnt private-bin devilspie2 private-cache private-dev -private-etc none +private-etc alternatives private-lib gconv private-tmp diff --git a/etc/dig.profile b/etc/dig.profile index 8a0ba8f09..f5b26c195 100644 --- a/etc/dig.profile +++ b/etc/dig.profile @@ -40,7 +40,7 @@ private private-bin sh,bash,dig private-cache private-dev -# private-etc resolv.conf +# private-etc alternatives,resolv.conf private-lib private-tmp diff --git a/etc/digikam.profile b/etc/digikam.profile index ccc0a6544..cc0e98ba3 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile @@ -37,7 +37,7 @@ shell none # private-bin program # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device -# private-etc ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/dino.profile b/etc/dino.profile index 9844ce81a..76f63fdc8 100644 --- a/etc/dino.profile +++ b/etc/dino.profile @@ -36,7 +36,7 @@ shell none disable-mnt private-bin dino private-dev -# private-etc fonts,ca-certificates,ssl,pki,crypto-policies # breaks server connection +# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies # breaks server connection private-tmp noexec ${HOME} diff --git a/etc/discord-common.profile b/etc/discord-common.profile index 9c6a40e8a..c520454e8 100644 --- a/etc/discord-common.profile +++ b/etc/discord-common.profile @@ -27,7 +27,7 @@ seccomp private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh private-dev -private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf +private-etc alternatives,fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf private-tmp noexec ${HOME} diff --git a/etc/display.profile b/etc/display.profile index 3182aebbe..7e4263d2e 100644 --- a/etc/display.profile +++ b/etc/display.profile @@ -39,5 +39,5 @@ shell none private-bin display,python* private-dev -# private-etc none - on Debian-based systems display is a symlink in /etc/alternatives +# private-etc alternatives - on Debian-based systems display is a symlink in /etc/alternatives private-tmp diff --git a/etc/easystroke.profile b/etc/easystroke.profile index 31cc48e9f..44156f97e 100644 --- a/etc/easystroke.profile +++ b/etc/easystroke.profile @@ -36,7 +36,7 @@ disable-mnt private-bin easystroke,bash,sh private-cache private-dev -private-etc fonts +private-etc alternatives,fonts private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* private-tmp diff --git a/etc/electrum.profile b/etc/electrum.profile index d24a31299..a290683de 100644 --- a/etc/electrum.profile +++ b/etc/electrum.profile @@ -47,7 +47,7 @@ disable-mnt private-bin electrum,python* private-cache private-dev -private-etc fonts,dconf,ca-certificates,ssl,pki,crypto-policies,machine-id +private-etc alternatives,fonts,dconf,ca-certificates,ssl,pki,crypto-policies,machine-id private-tmp noexec ${HOME} diff --git a/etc/elinks.profile b/etc/elinks.profile index 6643c5fda..842a0db04 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile @@ -36,5 +36,5 @@ tracelog # private-bin elinks private-cache private-dev -# private-etc ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies private-tmp diff --git a/etc/enchant.profile b/etc/enchant.profile index e29e542ab..1d3d33d68 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile @@ -35,7 +35,7 @@ tracelog # private-bin enchant, enchant-* private-cache private-dev -private-etc none +private-etc alternatives private-tmp # memory-deny-write-execute diff --git a/etc/engrampa.profile b/etc/engrampa.profile index b9f2632c4..670808de2 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile @@ -34,7 +34,7 @@ tracelog # private-bin engrampa private-dev -# private-etc fonts +# private-etc alternatives,fonts # private-tmp memory-deny-write-execute diff --git a/etc/eog.profile b/etc/eog.profile index 75d343d4e..d448b7c6c 100644 --- a/etc/eog.profile +++ b/etc/eog.profile @@ -39,7 +39,7 @@ shell none private-bin eog private-cache private-dev -private-etc fonts +private-etc alternatives,fonts private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* private-tmp diff --git a/etc/eom.profile b/etc/eom.profile index 7d84cd3b4..c34331da6 100644 --- a/etc/eom.profile +++ b/etc/eom.profile @@ -39,7 +39,7 @@ tracelog private-bin eom private-dev -private-etc fonts +private-etc alternatives,fonts private-lib private-tmp diff --git a/etc/etr.profile b/etc/etr.profile index 6c3db897b..cf13a42de 100644 --- a/etc/etr.profile +++ b/etc/etr.profile @@ -31,5 +31,5 @@ shell none # private-bin etr private-dev -# private-etc none +# private-etc alternatives private-tmp diff --git a/etc/evince.profile b/etc/evince.profile index b9ff3c121..e9b530ece 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -39,7 +39,7 @@ tracelog private-bin evince,evince-previewer,evince-thumbnailer private-dev -private-etc fonts,machine-id +private-etc alternatives,fonts,machine-id private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,gconv diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 3eac35bac..37e01f8d3 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile @@ -39,5 +39,5 @@ tracelog # private-bin exiftool,perl private-cache private-dev -private-etc none +private-etc alternatives private-tmp diff --git a/etc/feh.profile b/etc/feh.profile index ddf0fa154..eb6f311bb 100644 --- a/etc/feh.profile +++ b/etc/feh.profile @@ -31,5 +31,5 @@ shell none private-bin feh,jpegexiforient,jpegtran private-cache private-dev -private-etc feh +private-etc alternatives,feh private-tmp diff --git a/etc/file-roller.profile b/etc/file-roller.profile index d79b4de4b..e4863bfc0 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile @@ -34,7 +34,7 @@ tracelog # private-bin file-roller private-dev -# private-etc fonts +# private-etc alternatives,fonts # private-tmp #memory-deny-write-execute - breaks on Arch diff --git a/etc/file.profile b/etc/file.profile index f2f9f25f9..0769f8887 100644 --- a/etc/file.profile +++ b/etc/file.profile @@ -34,7 +34,7 @@ x11 none #private-bin file private-cache private-dev -private-etc magic.mgc,magic,localtime +private-etc alternatives,magic.mgc,magic,localtime private-lib libarchive.so.*,libfakeroot,libmagic.so.* memory-deny-write-execute diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc index 7a0c3e99f..1932b2f1c 100644 --- a/etc/firefox-common-addons.inc +++ b/etc/firefox-common-addons.inc @@ -61,4 +61,4 @@ noblacklist /usr/lib/python3* # Flash plugin # private-etc must first be enabled in firefox-common.profile and in profiles including it. -#private-etc adobe +#private-etc alternatives,adobe diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 7c65be7cb..69920aa5f 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile @@ -51,7 +51,7 @@ shell none disable-mnt private-dev # private-etc below works fine on most distributions. There are some problems on CentOS. -#private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache +#private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache private-tmp # breaks DRM binaries diff --git a/etc/firefox.profile b/etc/firefox.profile index 830bbc6a7..2861a91b4 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -17,7 +17,7 @@ whitelist ${HOME}/.mozilla # firefox requires a shell to launch on Arch. #private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash # private-etc must first be enabled in firefox-common.profile -#private-etc firefox +#private-etc alternatives,firefox # Redirect include firefox-common.profile diff --git a/etc/flameshot.profile b/etc/flameshot.profile index d665d1851..1c5f90f42 100644 --- a/etc/flameshot.profile +++ b/etc/flameshot.profile @@ -35,7 +35,7 @@ shell none disable-mnt private-bin flameshot private-cache -private-etc fonts,ld.so.conf,resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,fonts,ld.so.conf,resolv.conf,ca-certificates,ssl,pki,crypto-policies private-dev private-tmp diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 3697252e7..ed3b4490f 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile @@ -35,5 +35,5 @@ shell none disable-mnt # private-bin frozen-bubble private-dev -# private-etc none +# private-etc alternatives private-tmp diff --git a/etc/gajim.profile b/etc/gajim.profile index a957b07b0..efe85f3aa 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile @@ -47,7 +47,7 @@ tracelog disable-mnt private-bin python,python3,sh,gpg,gpg2,gajim,bash,zsh,paplay,gajim-history-manager private-dev -private-etc alsa,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl private-tmp noexec ${HOME} diff --git a/etc/galculator.profile b/etc/galculator.profile index 323c880a8..509d9bd05 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile @@ -38,6 +38,6 @@ tracelog private-bin galculator private-dev -private-etc fonts +private-etc alternatives,fonts private-lib private-tmp diff --git a/etc/gcloud.profile b/etc/gcloud.profile index 5aa73b38f..d9df8fd37 100644 --- a/etc/gcloud.profile +++ b/etc/gcloud.profile @@ -32,7 +32,7 @@ tracelog disable-mnt private-dev -private-etc ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache +private-etc alternatives,ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache private-tmp noexec /tmp diff --git a/etc/gedit.profile b/etc/gedit.profile index af0a3da56..a583c534f 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile @@ -40,7 +40,7 @@ tracelog # private-bin gedit private-dev -# private-etc fonts +# private-etc alternatives,fonts private-lib /usr/bin/gedit,libtinfo.so.*,libreadline.so.*,gedit,libgspell-1.so.*,gconv,aspell private-tmp diff --git a/etc/geeqie.profile b/etc/geeqie.profile index a7d82b5fb..adfc3ef1c 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile @@ -31,4 +31,4 @@ shell none # private-bin geeqie private-dev -# private-etc X11 +# private-etc alternatives,X11 diff --git a/etc/ghostwriter.profile b/etc/ghostwriter.profile index bdca281ed..11686e0e9 100644 --- a/etc/ghostwriter.profile +++ b/etc/ghostwriter.profile @@ -52,7 +52,7 @@ tracelog #private-bin ghostwriter,pandoc private-cache private-dev -private-etc cups,crypto-policies,localtime,drirc,fonts,gtk-3.0,dconf,machine-id +private-etc alternatives,cups,crypto-policies,localtime,drirc,fonts,gtk-3.0,dconf,machine-id # Breaks Translation #private-lib private-tmp diff --git a/etc/github-desktop.profile b/etc/github-desktop.profile index 9ac212fe8..934ac7c40 100644 --- a/etc/github-desktop.profile +++ b/etc/github-desktop.profile @@ -39,7 +39,7 @@ disable-mnt private-cache ?HAS_APPIMAGE: ignore private-dev private-dev -# private-etc none +# private-etc alternatives # private-lib private-tmp diff --git a/etc/gitter.profile b/etc/gitter.profile index d8439fa79..d84f01f20 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile @@ -35,7 +35,7 @@ shell none disable-mnt private-bin bash,env,gitter -private-etc fonts,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,fonts,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies private-opt Gitter private-dev private-tmp diff --git a/etc/gjs.profile b/etc/gjs.profile index 9c7aa5700..f119e5b34 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile @@ -34,5 +34,5 @@ tracelog # private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather private-dev -# private-etc fonts,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies private-tmp diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index c748cf7e3..b880980bc 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile @@ -37,7 +37,7 @@ tracelog # private-bin gjs gnome-books private-dev -# private-etc fonts +# private-etc alternatives,fonts private-tmp noexec ${HOME} diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index fbd8c22c0..42aa3ea2c 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile @@ -35,7 +35,7 @@ tracelog disable-mnt private-bin fairymax,gnome-chess,hoichess private-dev -private-etc fonts,gnome-chess +private-etc alternatives,fonts,gnome-chess private-tmp noexec ${HOME} diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index 54356a1b7..83ece0fce 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile @@ -34,7 +34,7 @@ tracelog disable-mnt # private-bin gnome-clocks private-dev -# private-etc fonts,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile index f89684219..c429c7697 100644 --- a/etc/gnome-logs.profile +++ b/etc/gnome-logs.profile @@ -37,7 +37,7 @@ shell none disable-mnt private-bin gnome-logs private-dev -private-etc fonts,localtime,machine-id +private-etc alternatives,fonts,localtime,machine-id private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* private-tmp writable-var-log diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index 2d2f5aa6d..b963c17dd 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile @@ -38,7 +38,7 @@ tracelog disable-mnt # private-bin gjs gnome-maps private-dev -# private-etc fonts,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index 54e055358..c4dedcf1c 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile @@ -40,7 +40,7 @@ tracelog private-bin gnome-music,python*,env,gio-launch-desktop,yelp private-dev -private-etc fonts,machine-id,pulse,asound.conf +private-etc alternatives,fonts,machine-id,pulse,asound.conf private-tmp noexec ${HOME} diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index 2e3356607..c48ca50a5 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile @@ -34,7 +34,7 @@ tracelog # private-bin gjs gnome-photos private-dev -# private-etc fonts +# private-etc alternatives,fonts private-tmp noexec ${HOME} diff --git a/etc/gnome-pie.profile b/etc/gnome-pie.profile index cef741eb3..01c65a5a4 100644 --- a/etc/gnome-pie.profile +++ b/etc/gnome-pie.profile @@ -34,7 +34,7 @@ shell none disable-mnt private-cache private-dev -private-etc fonts +private-etc alternatives,fonts private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* private-tmp diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile index 761c604ff..e516566d7 100644 --- a/etc/gnome-recipes.profile +++ b/etc/gnome-recipes.profile @@ -38,7 +38,7 @@ shell none disable-mnt private-bin gnome-recipes,tar private-dev -private-etc ca-certificates,fonts,ssl,crypto-policies,pki +private-etc alternatives,ca-certificates,fonts,ssl,crypto-policies,pki # private-lib works for me with Gnome Shell 3.26.2, Mutter WM (Arch Linux) # not widely tested though, leaving it to devs discretion to enable it later #private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,libgnutls.so.30,libjpeg.so.8,libp11-kit.so.0,libproxy.so.1,librsvg-2.so.2 diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 6b5f5480d..baa5d39fd 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile @@ -38,7 +38,7 @@ tracelog disable-mnt # private-bin gjs gnome-weather private-dev -# private-etc fonts,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/goobox.profile b/etc/goobox.profile index 3cc159eb2..be332665e 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile @@ -31,5 +31,5 @@ tracelog # private-bin goobox private-dev -# private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies # private-tmp diff --git a/etc/gpicview.profile b/etc/gpicview.profile index d3e1123f3..af9680b49 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile @@ -34,6 +34,6 @@ tracelog private-bin gpicview private-dev -private-etc fonts +private-etc alternatives,fonts private-lib private-tmp diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 76a10f697..38897f184 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile @@ -33,7 +33,7 @@ tracelog private-bin gpredict private-dev -private-etc fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/gradio.profile b/etc/gradio.profile index e7f415090..eec7376b4 100644 --- a/etc/gradio.profile +++ b/etc/gradio.profile @@ -34,7 +34,7 @@ protocol unix,inet,inet6 seccomp shell none -private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id +private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id private-tmp noexec ${HOME} diff --git a/etc/gwenview.profile b/etc/gwenview.profile index e90578333..790e4920d 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile @@ -44,7 +44,7 @@ shell none private-bin gwenview,gimp*,kbuildsycoca4,kdeinit4 private-dev -private-etc fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg +private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg # memory-deny-write-execute noexec ${HOME} diff --git a/etc/highlight.profile b/etc/highlight.profile index ae2cce0b4..243643aea 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile @@ -34,5 +34,5 @@ tracelog private-bin highlight private-cache private-dev -# private-etc none +# private-etc alternatives private-tmp diff --git a/etc/icecat.profile b/etc/icecat.profile index 660343a29..0dae814c0 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile @@ -14,7 +14,7 @@ whitelist ${HOME}/.cache/mozilla/icecat whitelist ${HOME}/.mozilla # private-etc must first be enabled in firefox-common.profile -#private-etc icecat +#private-etc alternatives,icecat # Redirect include firefox-common.profile diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile index 24a2f4cc3..4184b23a7 100644 --- a/etc/iceweasel.profile +++ b/etc/iceweasel.profile @@ -6,7 +6,7 @@ include iceweasel.local include globals.local # private-etc must first be enabled in firefox-common.profile -#private-etc iceweasel +#private-etc alternatives,iceweasel # Redirect include firefox.profile diff --git a/etc/img2txt.profile b/etc/img2txt.profile index 6f860a3d4..2011759e3 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile @@ -34,5 +34,5 @@ tracelog # private-bin img2txt private-cache private-dev -# private-etc none +# private-etc alternatives private-tmp diff --git a/etc/kate.profile b/etc/kate.profile index cce36eacc..4a78d718f 100644 --- a/etc/kate.profile +++ b/etc/kate.profile @@ -42,7 +42,7 @@ tracelog # private-bin kate,kbuildsycoca4,kdeinit4 private-dev -# private-etc fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg +# private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg private-tmp # noexec ${HOME} diff --git a/etc/keepassx.profile b/etc/keepassx.profile index fc9386618..357eb435d 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile @@ -41,7 +41,7 @@ tracelog private-bin keepassx,keepassx2 private-dev -private-etc fonts,machine-id +private-etc alternatives,fonts,machine-id private-tmp memory-deny-write-execute diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index 448f5455f..d565373f4 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile @@ -42,7 +42,7 @@ shell none private-bin keepassxc private-dev -private-etc fonts,ld.so.cache,machine-id +private-etc alternatives,fonts,ld.so.cache,machine-id private-tmp # 2.2.4 crashes on database open diff --git a/etc/klavaro.profile b/etc/klavaro.profile index 890cde3db..04b4a5ae5 100644 --- a/etc/klavaro.profile +++ b/etc/klavaro.profile @@ -45,7 +45,7 @@ disable-mnt private-bin klavaro,tclsh,tclsh*,bash private-cache private-dev -private-etc fonts +private-etc alternatives,fonts private-tmp private-opt none private-srv none diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile index 653283150..834f6f2dd 100644 --- a/etc/kwin_x11.profile +++ b/etc/kwin_x11.profile @@ -37,7 +37,7 @@ tracelog disable-mnt private-bin kwin_x11 private-dev -private-etc drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg +private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg private-tmp noexec ${HOME} diff --git a/etc/kwrite.profile b/etc/kwrite.profile index 9922cb0b5..bc4fba97d 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile @@ -44,7 +44,7 @@ tracelog private-bin kwrite,kbuildsycoca4,kdeinit4 private-dev -private-etc fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg +private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg private-tmp noexec ${HOME} diff --git a/etc/lollypop.profile b/etc/lollypop.profile index 6e53fc62b..047424e5e 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile @@ -38,7 +38,7 @@ seccomp shell none private-dev -private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id +private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id private-tmp noexec ${HOME} diff --git a/etc/lynx.profile b/etc/lynx.profile index e8d44823b..2f043c9b9 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile @@ -34,5 +34,5 @@ tracelog # private-bin lynx private-cache private-dev -# private-etc ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies private-tmp diff --git a/etc/masterpdfeditor.profile b/etc/masterpdfeditor.profile index e35ddd2a7..56433df41 100644 --- a/etc/masterpdfeditor.profile +++ b/etc/masterpdfeditor.profile @@ -41,7 +41,7 @@ tracelog private-bin masterpdfeditor* private-cache private-dev -private-etc fonts +private-etc alternatives,fonts # private-lib private-tmp diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index e3220076d..1d3c21e3f 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile @@ -39,7 +39,7 @@ shell none disable-mnt private-bin mate-calc,mate-calculator -private-etc fonts +private-etc alternatives,fonts private-dev private-opt none private-tmp diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index 1ba744d5a..a344f70e1 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile @@ -34,7 +34,7 @@ shell none disable-mnt private-bin mate-color-select -private-etc fonts +private-etc alternatives,fonts private-dev private-lib private-tmp diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index ba179dfdd..196f5b2c3 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile @@ -36,7 +36,7 @@ shell none disable-mnt private-bin mate-dictionary -private-etc fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies private-opt mate-dictionary private-dev private-tmp diff --git a/etc/mcabber.profile b/etc/mcabber.profile index ea4cb0250..c65a25edc 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile @@ -30,4 +30,4 @@ shell none private-bin mcabber private-dev -private-etc ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,ssl,pki,crypto-policies diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index 115444e0f..32a269fd3 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile @@ -34,5 +34,5 @@ tracelog private-bin mediainfo private-cache private-dev -private-etc none +private-etc alternatives private-tmp diff --git a/etc/min.profile b/etc/min.profile index 80baedff7..6101ac2e6 100644 --- a/etc/min.profile +++ b/etc/min.profile @@ -46,7 +46,7 @@ disable-mnt private-cache private-dev # private-etc below works fine on most distributions. There are some problems on CentOS. -private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache +private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache private-tmp # memory-deny-write-execute diff --git a/etc/minetest.profile b/etc/minetest.profile index 17b39f7c6..aa50847ea 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile @@ -38,7 +38,7 @@ disable-mnt private-bin minetest private-dev # private-etc needs to be updated, see #1702 -#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id +#private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id private-tmp noexec ${HOME} diff --git a/etc/ms-office.profile b/etc/ms-office.profile index 6c8cb213f..6334ecd41 100644 --- a/etc/ms-office.profile +++ b/etc/ms-office.profile @@ -37,7 +37,7 @@ tracelog disable-mnt private-bin bash,fonts,env,jak,ms-office,python*,sh -private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies private-dev private-tmp diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 011e85c0e..59ad36305 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile @@ -37,7 +37,7 @@ tracelog # private-bin mupdf,sh,tempfile,rm private-dev -private-etc fonts +private-etc alternatives,fonts private-tmp # mupdf will never write anything diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index d5fde525e..54d9fb16e 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile @@ -21,7 +21,7 @@ nodvd nogroups nonewprivs noroot -nogroups +nogroups nosound notv nou2f @@ -31,7 +31,7 @@ seccomp disable-mnt private-dev -private-etc machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies noexec ${HOME} noexec /tmp diff --git a/etc/mypaint.profile b/etc/mypaint.profile index acec61816..21fd841cf 100644 --- a/etc/mypaint.profile +++ b/etc/mypaint.profile @@ -41,7 +41,7 @@ tracelog private-cache private-dev -private-etc fonts,gtk-3.0,dconf +private-etc alternatives,fonts,gtk-3.0,dconf private-tmp noexec ${HOME} diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 13fe9a9e1..b5e65e3ee 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile @@ -42,5 +42,5 @@ tracelog # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files # private-bin nautilus # private-dev -# private-etc fonts +# private-etc alternatives,fonts # private-tmp diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile index 67c651429..bf8fff7cd 100644 --- a/etc/nitroshare.profile +++ b/etc/nitroshare.profile @@ -41,7 +41,7 @@ disable-mnt private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui private-cache private-dev -private-etc ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl +private-etc alternatives,ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl # private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare private-tmp diff --git a/etc/nyx.profile b/etc/nyx.profile index 8d41032dd..2a078ef0f 100644 --- a/etc/nyx.profile +++ b/etc/nyx.profile @@ -42,7 +42,7 @@ disable-mnt private-bin nyx,python* private-cache private-dev -private-etc passwd,tor,fonts +private-etc alternatives,passwd,tor,fonts private-opt none private-srv none private-tmp diff --git a/etc/ocenaudio.profile b/etc/ocenaudio.profile index 10f3f68a6..4a4fa828d 100644 --- a/etc/ocenaudio.profile +++ b/etc/ocenaudio.profile @@ -43,7 +43,7 @@ tracelog private-bin ocenaudio private-cache private-dev -private-etc asound.conf,fonts,ld.so.cache,pulse +private-etc alternatives,asound.conf,fonts,ld.so.cache,pulse # private-lib private-tmp diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 3a1369b83..3e1739bf9 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile @@ -37,6 +37,6 @@ tracelog private-bin odt2txt private-cache private-dev -private-etc none +private-etc alternatives private-tmp read-only ${HOME} diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 108398104..bff42fb19 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile @@ -33,5 +33,5 @@ shell none # private-bin open-invaders private-dev -# private-etc none +# private-etc alternatives private-tmp diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 11464e6cf..e867006e5 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile @@ -19,7 +19,7 @@ seccomp #private-bin palemoon # private-etc must first be enabled in firefox-common.profile -#private-etc palemoon +#private-etc alternatives,palemoon #private-opt palemoon # Redirect diff --git a/etc/parole.profile b/etc/parole.profile index 9ad59d2e6..69ed5a2ca 100644 --- a/etc/parole.profile +++ b/etc/parole.profile @@ -27,4 +27,4 @@ shell none private-bin parole,dbus-launch private-cache -private-etc passwd,group,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,passwd,group,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile index f0db20b74..d9f721578 100644 --- a/etc/pdfchain.profile +++ b/etc/pdfchain.profile @@ -34,7 +34,7 @@ shell none private-bin pdfchain,pdftk,sh private-dev -private-etc dconf,fonts,gtk-3.0,xdg +private-etc alternatives,dconf,fonts,gtk-3.0,xdg private-tmp memory-deny-write-execute diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 6b2b0fba5..85e28372e 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile @@ -38,5 +38,5 @@ tracelog private-bin pdftotext private-dev -private-etc none +private-etc alternatives private-tmp diff --git a/etc/ping.profile b/etc/ping.profile index bdd29c1a1..373b8a918 100644 --- a/etc/ping.profile +++ b/etc/ping.profile @@ -41,7 +41,7 @@ private #private-bin has mammoth problems with execvp: "No such file or directory" private-dev # /etc/hosts is required in private-etc; however, just adding it to the list doesn't solve the problem! -#private-etc resolv.conf,hosts,ca-certificates,ssl,pki,crypto-policies +#private-etc alternatives,resolv.conf,hosts,ca-certificates,ssl,pki,crypto-policies private-tmp # memory-deny-write-execute is built using seccomp; nonewprivs will kill it diff --git a/etc/pingus.profile b/etc/pingus.profile index f071e664f..6b664248f 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile @@ -33,5 +33,5 @@ shell none # private-bin pingus private-dev -# private-etc none +# private-etc alternatives private-tmp diff --git a/etc/pluma.profile b/etc/pluma.profile index 35b141c1a..79e4b89b3 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile @@ -37,7 +37,7 @@ tracelog private-bin pluma private-dev -# private-etc fonts +# private-etc alternatives,fonts private-lib pluma private-tmp diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index fc37e6fd2..0c8bfa770 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile @@ -37,7 +37,7 @@ shell none # private-dev is disabled to allow controller support #private-dev -private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id +private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id private-opt ppsspp private-tmp diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile index c98f34e77..92cae0f97 100644 --- a/etc/pybitmessage.profile +++ b/etc/pybitmessage.profile @@ -42,7 +42,7 @@ shell none disable-mnt private-bin pybitmessage,python*,sh,ldconfig,env,bash,stat private-dev -private-etc PyBitmessage,PyBitmessage.conf,Trolltech.conf,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,resolv.conf,selinux,sni-qt.conf,system-fips,xdg,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,PyBitmessage,PyBitmessage.conf,Trolltech.conf,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,resolv.conf,selinux,sni-qt.conf,system-fips,xdg,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile index bb948a971..bfe8b614e 100644 --- a/etc/pycharm-community.profile +++ b/etc/pycharm-community.profile @@ -32,7 +32,7 @@ novideo shell none tracelog -# private-etc fonts,passwd - minimal required to run but will probably break +# private-etc alternatives,fonts,passwd - minimal required to run but will probably break # program! private-cache private-dev diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index b6b94c703..0420d38e9 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -53,7 +53,7 @@ shell none private-bin qbittorrent,python* private-dev -# private-etc X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies # private-lib - problems on Arch private-tmp diff --git a/etc/qtox.profile b/etc/qtox.profile index b6cb9772a..3dc4c6a30 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile @@ -36,7 +36,7 @@ tracelog disable-mnt private-bin qtox -private-etc fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse +private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse private-dev private-tmp diff --git a/etc/quiterss.profile b/etc/quiterss.profile index ce0816114..e6c441e27 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -47,7 +47,7 @@ tracelog disable-mnt private-bin quiterss private-dev -# private-etc X11,ssl,pki,ca-certificates,crypto-policies +# private-etc alternatives,X11,ssl,pki,ca-certificates,crypto-policies noexec ${HOME} noexec /tmp diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index efee6ce84..eef0c8fa6 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile @@ -34,7 +34,7 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res # tracelog private-dev -# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies # private-tmp - interferes with the opening of downloaded files noexec ${HOME} diff --git a/etc/ricochet.profile b/etc/ricochet.profile index cbdc28cf6..a67d6b7ca 100644 --- a/etc/ricochet.profile +++ b/etc/ricochet.profile @@ -36,7 +36,7 @@ shell none disable-mnt private-bin ricochet,tor private-dev -#private-etc fonts,tor,X11,alternatives,ca-certificates,ssl,pki,crypto-policies +#private-etc alternatives,fonts,tor,X11,alternatives,ca-certificates,ssl,pki,crypto-policies noexec ${HOME} noexec /tmp diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 8cb291ba6..d92c62a52 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile @@ -50,4 +50,4 @@ seccomp tracelog disable-mnt -# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies diff --git a/etc/server.profile b/etc/server.profile index 3526e88ab..8da4853e7 100644 --- a/etc/server.profile +++ b/etc/server.profile @@ -43,7 +43,7 @@ private # private-bin program # private-cache private-dev -# private-etc none +# private-etc alternatives # private-lib private-tmp diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 85cb00ef1..4ad841880 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile @@ -33,5 +33,5 @@ tracelog # private-bin simple-scan # private-dev -# private-etc fonts,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies # private-tmp diff --git a/etc/simutrans.profile b/etc/simutrans.profile index a4e4d892c..c07b1c145 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile @@ -33,5 +33,5 @@ shell none # private-bin simutrans private-dev -# private-etc none +# private-etc alternatives private-tmp diff --git a/etc/slack.profile b/etc/slack.profile index 995d49687..841998b0e 100644 --- a/etc/slack.profile +++ b/etc/slack.profile @@ -37,5 +37,5 @@ shell none disable-mnt private-bin slack,locale private-dev -private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id +private-etc alternatives,asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id private-tmp diff --git a/etc/spotify.profile b/etc/spotify.profile index 14f9f5228..60d15735d 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile @@ -46,7 +46,7 @@ tracelog disable-mnt private-bin spotify,bash,sh,zenity private-dev -private-etc fonts,group,ld.so.cache,machine-id,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,fonts,group,ld.so.cache,machine-id,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies private-opt spotify private-tmp diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile index 4486c8869..0a4d38dbe 100644 --- a/etc/standardnotes-desktop.profile +++ b/etc/standardnotes-desktop.profile @@ -38,7 +38,7 @@ seccomp disable-mnt private-dev private-tmp -private-etc ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg +private-etc alternatives,ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg noexec ${HOME} noexec /tmp diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index d3b0b27e3..b0cb52a0f 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile @@ -34,7 +34,7 @@ shell none disable-mnt private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf private-dev -private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache +private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache private-tmp noexec /tmp diff --git a/etc/steam.profile b/etc/steam.profile index 775b6c875..9d348347e 100644 --- a/etc/steam.profile +++ b/etc/steam.profile @@ -74,5 +74,5 @@ shell none # private-dev should be commented for controllers private-dev # private-etc breaks a small selection of games on some systems, comment to support those -private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release +private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release private-tmp diff --git a/etc/strings.profile b/etc/strings.profile index f243606ec..3ef3ffcb1 100644 --- a/etc/strings.profile +++ b/etc/strings.profile @@ -24,7 +24,7 @@ tracelog private-bin strings private-cache private-dev -private-etc none +private-etc alternatives private-lib memory-deny-write-execute diff --git a/etc/supertux2.profile b/etc/supertux2.profile index fc523ce0a..793e4126c 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile @@ -34,5 +34,5 @@ shell none disable-mnt # private-bin supertux2 private-dev -# private-etc none +# private-etc alternatives private-tmp diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile index 9f65a2fa1..696ac4de0 100644 --- a/etc/supertuxkart.profile +++ b/etc/supertuxkart.profile @@ -46,7 +46,7 @@ disable-mnt private-bin supertuxkart private-cache private-dev -private-etc resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux +private-etc alternatives,resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux private-tmp private-opt none private-srv none diff --git a/etc/surf.profile b/etc/surf.profile index 3a1b1f383..4fad4a81d 100644 --- a/etc/surf.profile +++ b/etc/surf.profile @@ -32,7 +32,7 @@ tracelog disable-mnt private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop private-dev -private-etc passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies +private-etc alternatives,passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/tar.profile b/etc/tar.profile index 9a5f00f65..d228051e8 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -26,7 +26,7 @@ tracelog # support compressed archives private-bin sh,bash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop private-dev -private-etc passwd,group,localtime +private-etc alternatives,passwd,group,localtime private-lib # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) diff --git a/etc/terasology.profile b/etc/terasology.profile index 22038e0b4..43865b6fb 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile @@ -44,7 +44,7 @@ shell none disable-mnt private-dev -private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies +private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/tilp.profile b/etc/tilp.profile index ecacd1deb..2643c9a84 100644 --- a/etc/tilp.profile +++ b/etc/tilp.profile @@ -29,7 +29,7 @@ tracelog disable-mnt private-bin tilp private-cache -private-etc fonts +private-etc alternatives,fonts private-tmp noexec ${HOME} diff --git a/etc/tor.profile b/etc/tor.profile index 04a6c3abb..418352639 100644 --- a/etc/tor.profile +++ b/etc/tor.profile @@ -46,7 +46,7 @@ private private-bin tor,bash private-cache private-dev -private-etc tor,passwd,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index a9244683f..2b1cc6549 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile @@ -49,7 +49,7 @@ shell none disable-mnt private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,xz private-dev -private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache +private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache private-tmp noexec /tmp diff --git a/etc/totem.profile b/etc/totem.profile index 3055ea542..fd473b03c 100644 --- a/etc/totem.profile +++ b/etc/totem.profile @@ -36,7 +36,7 @@ private-bin totem # totem needs access to ~/.cache/tracker or it exits #private-cache private-dev -# private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/tracker.profile b/etc/tracker.profile index 6d86b2951..c1779ae3e 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile @@ -33,5 +33,5 @@ tracelog # private-bin tracker # private-dev -# private-etc fonts +# private-etc alternatives,fonts # private-tmp diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index 81b52ec7c..89b9b21dc 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile @@ -33,7 +33,7 @@ tracelog # private-bin transmission-cli private-dev -private-etc ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,ssl,pki,crypto-policies private-tmp memory-deny-write-execute diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 248eb977e..6154ad15b 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile @@ -31,5 +31,5 @@ shell none tracelog private-dev -private-etc none +private-etc alternatives private-tmp diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index f62f018a6..36d1319d1 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile @@ -29,5 +29,5 @@ shell none # private-bin unknown-horizons private-dev -# private-etc ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies private-tmp diff --git a/etc/unrar.profile b/etc/unrar.profile index 00fe0887b..bc5fced9f 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile @@ -25,7 +25,7 @@ tracelog private-bin unrar private-dev -private-etc passwd,group,localtime +private-etc alternatives,passwd,group,localtime private-tmp include default.profile diff --git a/etc/unzip.profile b/etc/unzip.profile index 8e659c256..1859a2248 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile @@ -25,7 +25,7 @@ tracelog private-bin unzip private-dev -private-etc passwd,group,localtime +private-etc alternatives,passwd,group,localtime # GNOME Shell integration (chrome-gnome-shell) noblacklist ${HOME}/.local/share/gnome-shell diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 3bd0ebe70..9710b1b9f 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile @@ -23,6 +23,6 @@ tracelog private-bin uudeview private-cache private-dev -private-etc ld.so.preload +private-etc alternatives,ld.so.preload include default.profile diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 4c22f8e6f..94b6c2052 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile @@ -38,7 +38,7 @@ tracelog private-bin viewnior private-cache private-dev -private-etc fonts +private-etc alternatives,fonts private-tmp # memory-deny-write-executes breaks on Arch - see issue #1808 diff --git a/etc/w3m.profile b/etc/w3m.profile index c03df49cd..143ac4f63 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile @@ -36,5 +36,5 @@ tracelog # private-bin w3m private-cache private-dev -private-etc resolv.conf,ssl,pki,ca-certificates,crypto-policies +private-etc alternatives,resolv.conf,ssl,pki,ca-certificates,crypto-policies private-tmp diff --git a/etc/waterfox.profile b/etc/waterfox.profile index 3dc21958d..7875ccb1e 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile @@ -22,7 +22,7 @@ whitelist ${HOME}/.waterfox # waterfox requires a shell to launch on Arch. We can possibly remove sh though. #private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash # private-etc must first be enabled in firefox-common.profile -#private-etc waterfox +#private-etc alternatives,waterfox # Redirect include firefox-common.profile diff --git a/etc/wget.profile b/etc/wget.profile index 87c0501da..c0a6f0d21 100644 --- a/etc/wget.profile +++ b/etc/wget.profile @@ -35,7 +35,7 @@ shell none # private-bin wget private-dev -# private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies # private-tmp noexec ${HOME} diff --git a/etc/whois.profile b/etc/whois.profile index 78236c02f..0e9eb05a5 100644 --- a/etc/whois.profile +++ b/etc/whois.profile @@ -38,7 +38,7 @@ private private-bin sh,bash,whois private-cache private-dev -# private-etc hosts,services,whois.conf +# private-etc alternatives,hosts,services,whois.conf private-lib private-tmp diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index f464a2fb9..e974e4304 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile @@ -37,5 +37,5 @@ shell none disable-mnt private-bin wire-desktop private-dev -private-etc fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies private-tmp diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 4f1142826..a08b97d05 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile @@ -45,7 +45,7 @@ tracelog # private-bin wireshark private-dev -# private-etc fonts,group,hosts,machine-id,passwd,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,fonts,group,hosts,machine-id,passwd,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/xed.profile b/etc/xed.profile index 7dffae05a..cd565f684 100644 --- a/etc/xed.profile +++ b/etc/xed.profile @@ -42,7 +42,7 @@ tracelog private-bin xed private-dev -# private-etc fonts +# private-etc alternatives,fonts private-tmp # xed uses python plugins, memory-deny-write-execute breaks python diff --git a/etc/xfburn.profile b/etc/xfburn.profile index 3dc525755..1cb7f568a 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile @@ -29,5 +29,5 @@ tracelog # private-bin xfburn # private-dev -# private-etc fonts +# private-etc alternatives,fonts # private-tmp diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 6adfcd819..3ad03e2c6 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile @@ -38,5 +38,5 @@ tracelog private-bin xiphos private-dev -private-etc fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies private-tmp diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile index 25b2b8c91..99c9676b8 100644 --- a/etc/xmr-stak.profile +++ b/etc/xmr-stak.profile @@ -37,7 +37,7 @@ disable-mnt private ${HOME}/.xmr-stak private-bin xmr-stak private-dev -private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl +private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl #private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend private-opt cuda private-tmp diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 054cf4896..9d422a01e 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile @@ -36,7 +36,7 @@ shell none disable-mnt private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl private-dev -private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id +private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id private-tmp noexec ${HOME} diff --git a/etc/xplayer.profile b/etc/xplayer.profile index b8297295a..0df879d7c 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile @@ -40,7 +40,7 @@ tracelog private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer private-dev -# private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies +# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/xpra.profile b/etc/xpra.profile index 23f3294bd..2ff6c2a5d 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile @@ -52,5 +52,5 @@ shell none # older Xpra versions also use Xvfb # private-bin xpra,python*,Xvfb,Xorg,sh,xkbcomp,xauth,dbus-launch,pactl,ldconfig,which,strace,bash,cat,ls private-dev -# private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11 +# private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11 private-tmp diff --git a/etc/xreader.profile b/etc/xreader.profile index a879e8b04..e0a3ddee3 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile @@ -38,7 +38,7 @@ tracelog private-bin xreader,xreader-previewer,xreader-thumbnailer private-dev -private-etc fonts,ld.so.cache +private-etc alternatives,fonts,ld.so.cache private-tmp memory-deny-write-execute diff --git a/etc/xviewer.profile b/etc/xviewer.profile index e6185807e..c73630053 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile @@ -38,7 +38,7 @@ tracelog private-bin xviewer private-dev -#private-etc fonts +#private-etc alternatives,fonts private-lib private-tmp diff --git a/etc/zathura.profile b/etc/zathura.profile index 2eee47fa0..922284353 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile @@ -35,7 +35,7 @@ shell none private-bin zathura private-cache private-dev -private-etc fonts,machine-id +private-etc alternatives,fonts,machine-id private-tmp read-only ${HOME}/ -- cgit v1.2.3-54-g00ecf From 3e1ffebfe3e36dee772649a5eaf81bdb695a5ce9 Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Sun, 17 Feb 2019 15:14:04 -0600 Subject: Fixes from review of 2415 --- etc/display.profile | 3 ++- etc/firefox.profile | 2 +- etc/ping.profile | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) (limited to 'etc') diff --git a/etc/display.profile b/etc/display.profile index 7e4263d2e..ff19365ad 100644 --- a/etc/display.profile +++ b/etc/display.profile @@ -39,5 +39,6 @@ shell none private-bin display,python* private-dev -# private-etc alternatives - on Debian-based systems display is a symlink in /etc/alternatives +# On Debian-based systems, display is a symlink in /etc/alternatives +private-etc alternatives private-tmp diff --git a/etc/firefox.profile b/etc/firefox.profile index 2861a91b4..830bbc6a7 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -17,7 +17,7 @@ whitelist ${HOME}/.mozilla # firefox requires a shell to launch on Arch. #private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash # private-etc must first be enabled in firefox-common.profile -#private-etc alternatives,firefox +#private-etc firefox # Redirect include firefox-common.profile diff --git a/etc/ping.profile b/etc/ping.profile index 373b8a918..bdd29c1a1 100644 --- a/etc/ping.profile +++ b/etc/ping.profile @@ -41,7 +41,7 @@ private #private-bin has mammoth problems with execvp: "No such file or directory" private-dev # /etc/hosts is required in private-etc; however, just adding it to the list doesn't solve the problem! -#private-etc alternatives,resolv.conf,hosts,ca-certificates,ssl,pki,crypto-policies +#private-etc resolv.conf,hosts,ca-certificates,ssl,pki,crypto-policies private-tmp # memory-deny-write-execute is built using seccomp; nonewprivs will kill it -- cgit v1.2.3-54-g00ecf From 9ddf24fdc336318573ba16eb6b38930f91d6de88 Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Sun, 17 Feb 2019 15:18:36 -0600 Subject: Remove 'alternatives' from private-etc if firefox-common is included --- etc/abrowser.profile | 2 +- etc/basilisk.profile | 2 +- etc/cliqz.profile | 2 +- etc/cyberfox.profile | 2 +- etc/firefox-common-addons.inc | 2 +- etc/icecat.profile | 2 +- etc/iceweasel.profile | 2 +- etc/palemoon.profile | 2 +- etc/waterfox.profile | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) (limited to 'etc') diff --git a/etc/abrowser.profile b/etc/abrowser.profile index b88d7b5f4..010247c6b 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile @@ -14,7 +14,7 @@ whitelist ${HOME}/.cache/mozilla/abrowser whitelist ${HOME}/.mozilla # private-etc must first be enabled in firefox-common.profile -#private-etc abrowser, alternatives +#private-etc abrowser # Redirect diff --git a/etc/basilisk.profile b/etc/basilisk.profile index 21daebaac..5f9fc8ef7 100644 --- a/etc/basilisk.profile +++ b/etc/basilisk.profile @@ -20,7 +20,7 @@ seccomp #private-bin basilisk # private-etc must first be enabled in firefox-common.profile -#private-etc alternatives,basilisk +#private-etc basilisk #private-opt basilisk # Redirect diff --git a/etc/cliqz.profile b/etc/cliqz.profile index b1e4ea613..d0b8cc0ef 100644 --- a/etc/cliqz.profile +++ b/etc/cliqz.profile @@ -17,7 +17,7 @@ whitelist ${HOME}/.cliqz whitelist ${HOME}/.config/cliqz # private-etc must first be enabled in firefox-common.profile -#private-etc alternatives,cliqz +#private-etc cliqz # Redirect include firefox-common.profile diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index 147791d26..fcb448b30 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile @@ -15,7 +15,7 @@ whitelist ${HOME}/.cache/8pecxstudios # private-bin cyberfox,which,sh,dbus-launch,dbus-send,env # private-etc must first be enabled in firefox-common.profile -#private-etc alternatives,cyberfox +#private-etc cyberfox # Redirect include firefox-common.profile diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc index 1932b2f1c..7a0c3e99f 100644 --- a/etc/firefox-common-addons.inc +++ b/etc/firefox-common-addons.inc @@ -61,4 +61,4 @@ noblacklist /usr/lib/python3* # Flash plugin # private-etc must first be enabled in firefox-common.profile and in profiles including it. -#private-etc alternatives,adobe +#private-etc adobe diff --git a/etc/icecat.profile b/etc/icecat.profile index 0dae814c0..660343a29 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile @@ -14,7 +14,7 @@ whitelist ${HOME}/.cache/mozilla/icecat whitelist ${HOME}/.mozilla # private-etc must first be enabled in firefox-common.profile -#private-etc alternatives,icecat +#private-etc icecat # Redirect include firefox-common.profile diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile index 4184b23a7..24a2f4cc3 100644 --- a/etc/iceweasel.profile +++ b/etc/iceweasel.profile @@ -6,7 +6,7 @@ include iceweasel.local include globals.local # private-etc must first be enabled in firefox-common.profile -#private-etc alternatives,iceweasel +#private-etc iceweasel # Redirect include firefox.profile diff --git a/etc/palemoon.profile b/etc/palemoon.profile index e867006e5..11464e6cf 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile @@ -19,7 +19,7 @@ seccomp #private-bin palemoon # private-etc must first be enabled in firefox-common.profile -#private-etc alternatives,palemoon +#private-etc palemoon #private-opt palemoon # Redirect diff --git a/etc/waterfox.profile b/etc/waterfox.profile index 7875ccb1e..3dc21958d 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile @@ -22,7 +22,7 @@ whitelist ${HOME}/.waterfox # waterfox requires a shell to launch on Arch. We can possibly remove sh though. #private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash # private-etc must first be enabled in firefox-common.profile -#private-etc alternatives,waterfox +#private-etc waterfox # Redirect include firefox-common.profile -- cgit v1.2.3-54-g00ecf