From 284e0750e51bc9f9833b529eead37b42d1b223f0 Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 15 Oct 2018 13:10:35 -0400 Subject: Add nou2f to all profiles - Closes #2194 --- etc/0ad.profile | 1 + etc/2048-qt.profile | 1 + etc/7z.profile | 1 + etc/Cryptocat.profile | 1 + etc/Fritzing.profile | 1 + etc/JDownloader.profile | 1 + etc/XMind.profile | 1 + etc/Xephyr.profile | 1 + etc/Xvfb.profile | 1 + etc/akonadi_control.profile | 1 + etc/akregator.profile | 1 + etc/amarok.profile | 1 + etc/amule.profile | 1 + etc/anydesk.profile | 1 + etc/apktool.profile | 1 + etc/arch-audit.profile | 1 + etc/ardour5.profile | 1 + etc/aria2c.profile | 1 + etc/ark.profile | 1 + etc/arm.profile | 1 + etc/asunder.profile | 1 + etc/atom.profile | 1 + etc/atool.profile | 1 + etc/atril.profile | 1 + etc/audacious.profile | 1 + etc/audacity.profile | 1 + etc/authenticator.profile | 2 +- etc/aweather.profile | 1 + etc/baloo_file.profile | 1 + etc/baobab.profile | 1 + etc/bibletime.profile | 1 + etc/bitcoin-qt.profile | 1 + etc/bitlbee.profile | 1 + etc/bleachbit.profile | 1 + etc/blender.profile | 1 + etc/bless.profile | 1 + etc/bluefish.profile | 1 + etc/brackets.profile | 1 + etc/bsdtar.profile | 1 + etc/calibre.profile | 1 + etc/calligra.profile | 1 + etc/checkbashisms.profile | 1 + etc/cherrytree.profile | 1 + etc/chromium-common.profile | 1 + etc/cin.profile | 1 + etc/clamav.profile | 1 + etc/clamtk.profile | 1 + etc/clementine.profile | 1 + etc/clion.profile | 1 + etc/clipit.profile | 1 + etc/code.profile | 1 + etc/conky.profile | 1 + etc/corebird.profile | 1 + etc/cower.profile | 1 + etc/cpio.profile | 1 + etc/curl.profile | 1 + etc/darktable.profile | 1 + etc/deadbeef.profile | 1 + etc/deluge.profile | 1 + etc/dex2jar.profile | 1 + etc/dia.profile | 1 + etc/dig.profile | 1 + etc/dillo.profile | 1 + etc/dino.profile | 1 + etc/discord-common.profile | 1 + etc/display.profile | 1 + etc/dnscrypt-proxy.profile | 1 + etc/dnsmasq.profile | 1 + etc/dooble.profile | 1 + etc/dosbox.profile | 1 + etc/dragon.profile | 1 + etc/dropbox.profile | 1 + etc/electrum.profile | 1 + etc/elinks.profile | 1 + etc/enchant.profile | 1 + etc/engrampa.profile | 1 + etc/enpass.profile | 1 + etc/eog.profile | 1 + etc/eom.profile | 1 + etc/etr.profile | 1 + etc/evince.profile | 1 + etc/evolution.profile | 1 + etc/exiftool.profile | 1 + etc/falkon.profile | 1 + etc/fbreader.profile | 1 + etc/feh.profile | 1 + etc/fetchmail.profile | 1 + etc/ffmpeg.profile | 1 + etc/file-roller.profile | 1 + etc/file.profile | 1 + etc/filezilla.profile | 1 + etc/firefox-common.profile | 1 + etc/flameshot.profile | 1 + etc/flowblade.profile | 1 + etc/fontforge.profile | 1 + etc/franz.profile | 1 + etc/freecad.profile | 1 + etc/freshclam.profile | 1 + etc/frozen-bubble.profile | 1 + etc/gajim.profile | 1 + etc/galculator.profile | 1 + etc/gcloud.profile | 1 + etc/geany.profile | 1 + etc/gedit.profile | 1 + etc/geeqie.profile | 1 + etc/gimp.profile | 1 + etc/git.profile | 1 + etc/gitg.profile | 1 + etc/gitter.profile | 1 + etc/gjs.profile | 1 + etc/globaltime.profile | 1 + etc/gnome-2048.profile | 1 + etc/gnome-books.profile | 1 + etc/gnome-builder.profile | 1 + etc/gnome-calculator.profile | 1 + etc/gnome-chess.profile | 1 + etc/gnome-clocks.profile | 1 + etc/gnome-contacts.profile | 1 + etc/gnome-documents.profile | 1 + etc/gnome-font-viewer.profile | 1 + etc/gnome-logs.profile | 1 + etc/gnome-maps.profile | 1 + etc/gnome-mplayer.profile | 1 + etc/gnome-mpv.profile | 1 + etc/gnome-music.profile | 1 + etc/gnome-photos.profile | 1 + etc/gnome-recipes.profile | 1 + etc/gnome-twitch.profile | 1 + etc/gnome-weather.profile | 1 + etc/goobox.profile | 1 + etc/google-earth.profile | 1 + etc/google-play-music-desktop-player.profile | 1 + etc/gpa.profile | 1 + etc/gpg-agent.profile | 1 + etc/gpg.profile | 1 + etc/gpicview.profile | 1 + etc/gpredict.profile | 1 + etc/gthumb.profile | 1 + etc/guayadeque.profile | 1 + etc/gucharmap.profile | 1 + etc/gwenview.profile | 1 + etc/gzip.profile | 1 + etc/handbrake.profile | 1 + etc/hashcat.profile | 1 + etc/hedgewars.profile | 1 + etc/hexchat.profile | 1 + etc/highlight.profile | 1 + etc/hugin.profile | 1 + etc/idea.sh.profile | 1 + etc/imagej.profile | 1 + etc/img2txt.profile | 1 + etc/inkscape.profile | 1 + etc/itch.profile | 1 + etc/jd-gui.profile | 1 + etc/kaffeine.profile | 1 + etc/kate.profile | 1 + etc/kcalc.profile | 1 + etc/kdeinit4.profile | 1 + etc/kdenlive.profile | 1 + etc/keepass.profile | 1 + etc/keepassx.profile | 1 + etc/keepassxc.profile | 1 + etc/kget.profile | 1 + etc/kino.profile | 1 + etc/kmail.profile | 1 + etc/kodi.profile | 1 + etc/konversation.profile | 1 + etc/kopete.profile | 1 + etc/krita.profile | 1 + etc/ktorrent.profile | 1 + etc/kwin_x11.profile | 1 + etc/kwrite.profile | 1 + etc/leafpad.profile | 1 + etc/less.profile | 1 + etc/libreoffice.profile | 1 + etc/liferea.profile | 1 + etc/linphone.profile | 1 + etc/lmms.profile | 1 + etc/lollypop.profile | 1 + etc/luminance-hdr.profile | 1 + etc/lximage-qt.profile | 1 + etc/lxmusic.profile | 1 + etc/lynx.profile | 1 + etc/macrofusion.profile | 1 + etc/mate-calc.profile | 1 + etc/mate-color-select.profile | 1 + etc/mate-dictionary.profile | 1 + etc/mcabber.profile | 1 + etc/mediainfo.profile | 1 + etc/mediathekview.profile | 1 + etc/meld.profile | 1 + etc/min.profile | 1 + etc/minetest.profile | 1 + etc/mousepad.profile | 1 + etc/mpd.profile | 1 + etc/mplayer.profile | 1 + etc/mpv.profile | 1 + etc/ms-office.profile | 1 + etc/multimc5.profile | 1 + etc/mupdf.profile | 1 + etc/musixmatch.profile | 1 + etc/mutt.profile | 1 + etc/ncdu.profile | 1 + etc/neverball.profile | 1 + etc/nylas.profile | 1 + etc/obs.profile | 1 + etc/odt2txt.profile | 1 + etc/okular.profile | 1 + etc/onionshare-gui.profile | 1 + etc/open-invaders.profile | 1 + etc/openshot.profile | 1 + etc/orage.profile | 1 + etc/patch.profile | 1 + etc/pdfchain.profile | 1 + etc/pdfmod.profile | 1 + etc/pdfsam.profile | 1 + etc/pdftotext.profile | 1 + etc/peek.profile | 1 + etc/picard.profile | 1 + etc/pidgin.profile | 1 + etc/ping.profile | 3 +-- etc/pingus.profile | 1 + etc/pinta.profile | 1 + etc/pithos.profile | 1 + etc/pitivi.profile | 1 + etc/pix.profile | 1 + etc/pluma.profile | 1 + etc/polari.profile | 1 + etc/psi-plus.profile | 1 + etc/pybitmessage.profile | 1 + etc/pycharm-community.profile | 1 + etc/qbittorrent.profile | 1 + etc/qlipper.profile | 1 + etc/qmmp.profile | 1 + etc/qpdfview.profile | 1 + etc/qtox.profile | 1 + etc/quiterss.profile | 1 + etc/qupzilla.profile | 1 + etc/ranger.profile | 1 + etc/redeclipse.profile | 1 + etc/remmina.profile | 1 + etc/rhythmbox.profile | 1 + etc/ricochet.profile | 1 + etc/ristretto.profile | 1 + etc/rtorrent.profile | 1 + etc/sayonara.profile | 1 + etc/scallion.profile | 1 + etc/scribus.profile | 1 + etc/sdat2img.profile | 1 + etc/server.profile | 1 + etc/shellcheck.profile | 1 + etc/shotcut.profile | 1 + etc/signal-desktop.profile | 1 + etc/silentarmy.profile | 1 + etc/simutrans.profile | 1 + etc/skype.profile | 1 + etc/slack.profile | 1 + etc/smplayer.profile | 1 + etc/smtube.profile | 1 + etc/soundconverter.profile | 1 + etc/spotify.profile | 1 + etc/sqlitebrowser.profile | 1 + etc/ssh.profile | 1 + etc/standardnotes-desktop.profile | 1 + etc/start-tor-browser.profile | 1 + etc/steam.profile | 1 + etc/stellarium.profile | 1 + etc/strings.profile | 1 + etc/supertux2.profile | 1 + etc/surf.profile | 1 + etc/sylpheed.profile | 1 + etc/synfigstudio.profile | 1 + etc/tar.profile | 1 + etc/teamspeak3.profile | 1 + etc/terasology.profile | 1 + etc/tor.profile | 1 + etc/torbrowser-launcher.profile | 1 + etc/totem.profile | 1 + etc/transmission-cli.profile | 1 + etc/transmission-gtk.profile | 1 + etc/transmission-qt.profile | 1 + etc/transmission-show.profile | 1 + etc/truecraft.profile | 1 + etc/tuxguitar.profile | 1 + etc/uefitool.profile | 1 + etc/uget-gtk.profile | 1 + etc/unbound.profile | 1 + etc/unknown-horizons.profile | 1 + etc/unrar.profile | 1 + etc/unzip.profile | 1 + etc/uudeview.profile | 1 + etc/viewnior.profile | 1 + etc/viking.profile | 1 + etc/vim.profile | 1 + etc/vlc.profile | 1 + etc/vym.profile | 1 + etc/w3m.profile | 1 + etc/warzone2100.profile | 1 + etc/webstorm.profile | 1 + etc/wesnoth.profile | 1 + etc/wget.profile | 1 + etc/whois.profile | 1 + etc/wire-desktop.profile | 1 + etc/wireshark.profile | 1 + etc/x-terminal-emulator.profile | 1 + etc/xcalc.profile | 1 + etc/xed.profile | 1 + etc/xfce4-dict.profile | 1 + etc/xfce4-notes.profile | 1 + etc/xiphos.profile | 1 + etc/xmms.profile | 1 + etc/xmr-stak.profile | 1 + etc/xonotic.profile | 1 + etc/xpdf.profile | 1 + etc/xplayer.profile | 1 + etc/xpra.profile | 1 + etc/xreader.profile | 1 + etc/xviewer.profile | 1 + etc/xzdec.profile | 1 + etc/youtube-dl.profile | 1 + etc/zaproxy.profile | 1 + etc/zart.profile | 1 + etc/zathura.profile | 1 + 323 files changed, 323 insertions(+), 3 deletions(-) (limited to 'etc') diff --git a/etc/0ad.profile b/etc/0ad.profile index f9320f6c7..34e50f330 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile @@ -32,6 +32,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index 56b38f5a2..fe6bc5ca8 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile @@ -30,6 +30,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/7z.profile b/etc/7z.profile index e3f27b93f..22f4af4b2 100644 --- a/etc/7z.profile +++ b/etc/7z.profile @@ -16,6 +16,7 @@ nodbus nodvd nosound notv +nou2f novideo shell none tracelog diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index f1336be3e..56b9d7f38 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile @@ -21,6 +21,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/Fritzing.profile b/etc/Fritzing.profile index 2e4d235b6..44eb7a37d 100644 --- a/etc/Fritzing.profile +++ b/etc/Fritzing.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/JDownloader.profile b/etc/JDownloader.profile index 659a41603..125ed568c 100644 --- a/etc/JDownloader.profile +++ b/etc/JDownloader.profile @@ -38,6 +38,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/XMind.profile b/etc/XMind.profile index ff6258ca2..64f6f42f9 100644 --- a/etc/XMind.profile +++ b/etc/XMind.profile @@ -25,6 +25,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index c0c322b67..7833b82e2 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile @@ -29,6 +29,7 @@ nonewprivs # noroot nosound notv +nou2f protocol unix seccomp shell none diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 4ae2d20d2..fcdc4fa74 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile @@ -31,6 +31,7 @@ nonewprivs #noroot nosound notv +nou2f protocol unix seccomp shell none diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile index 0cbe306e8..0c5aa0d04 100644 --- a/etc/akonadi_control.profile +++ b/etc/akonadi_control.profile @@ -42,6 +42,7 @@ nogroups noroot nosound notv +nou2f novideo # protocol unix,inet,inet6 # seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice diff --git a/etc/akregator.profile b/etc/akregator.profile index af8dd2a3e..cd6621b47 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile @@ -31,6 +31,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6,netlink # chroot syscalls are needed for setting up the built-in sandbox diff --git a/etc/amarok.profile b/etc/amarok.profile index 3ee50a20b..cfde146e9 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 # seccomp diff --git a/etc/amule.profile b/etc/amule.profile index f052a312f..7bc6e32d6 100644 --- a/etc/amule.profile +++ b/etc/amule.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/anydesk.profile b/etc/anydesk.profile index 17e083f4e..aea5961a0 100644 --- a/etc/anydesk.profile +++ b/etc/anydesk.profile @@ -24,6 +24,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/apktool.profile b/etc/apktool.profile index d157b1478..192069561 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile index 9cd200ef2..377b597d7 100644 --- a/etc/arch-audit.profile +++ b/etc/arch-audit.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/ardour5.profile b/etc/ardour5.profile index 99649cc3f..f5cdee1fb 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile @@ -28,6 +28,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix seccomp shell none diff --git a/etc/aria2c.profile b/etc/aria2c.profile index 4231c58ff..0f6b79346 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/ark.profile b/etc/ark.profile index d5a7f45f4..6a8e2dad9 100644 --- a/etc/ark.profile +++ b/etc/ark.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/arm.profile b/etc/arm.profile index da9b45928..02246e8e9 100644 --- a/etc/arm.profile +++ b/etc/arm.profile @@ -34,6 +34,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/asunder.profile b/etc/asunder.profile index 9c059ed0a..30cb7ebdc 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile @@ -28,6 +28,7 @@ nodbus # nogroups nonewprivs noroot +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/atom.profile b/etc/atom.profile index 1ff4e162d..96b9f5020 100644 --- a/etc/atom.profile +++ b/etc/atom.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/atool.profile b/etc/atool.profile index c672ed11d..7545bfb1a 100644 --- a/etc/atool.profile +++ b/etc/atool.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/atril.profile b/etc/atril.profile index 6e5286e5f..27327418d 100644 --- a/etc/atril.profile +++ b/etc/atril.profile @@ -32,6 +32,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/audacious.profile b/etc/audacious.profile index 627c1a72d..6a32c5633 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/audacity.profile b/etc/audacity.profile index 685319f7f..14d56202c 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile @@ -29,6 +29,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix seccomp diff --git a/etc/authenticator.profile b/etc/authenticator.profile index f10abdda8..02e8d7f7f 100644 --- a/etc/authenticator.profile +++ b/etc/authenticator.profile @@ -30,8 +30,8 @@ nonewprivs noroot nosound notv -# novideo nou2f +# novideo protocol unix seccomp shell none diff --git a/etc/aweather.profile b/etc/aweather.profile index 823b07c8c..6bf83ffc3 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 240573f44..88bc67474 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix # blacklisting of ioprio_set system calls breaks baloo_file diff --git a/etc/baobab.profile b/etc/baobab.profile index d0c3f2712..3e3b0280d 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile @@ -22,6 +22,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/bibletime.profile b/etc/bibletime.profile index 57595e8e2..d2a9dba5e 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile index 9b6affe24..69a4f9a51 100644 --- a/etc/bitcoin-qt.profile +++ b/etc/bitcoin-qt.profile @@ -32,6 +32,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index e663d7799..c5a7c8e9a 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile @@ -23,6 +23,7 @@ nodvd nonewprivs nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 49d058ab4..8d1e4397a 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/blender.profile b/etc/blender.profile index 43a8622f7..6456f0a46 100644 --- a/etc/blender.profile +++ b/etc/blender.profile @@ -32,6 +32,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/bless.profile b/etc/bless.profile index 0da3436e8..10e31b014 100644 --- a/etc/bless.profile +++ b/etc/bless.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/bluefish.profile b/etc/bluefish.profile index 23ba34d42..60e26d264 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/brackets.profile b/etc/brackets.profile index 8f1068506..5c7950e70 100644 --- a/etc/brackets.profile +++ b/etc/brackets.profile @@ -21,6 +21,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplic diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile index 57220ef4a..2cb3ddf82 100644 --- a/etc/bsdtar.profile +++ b/etc/bsdtar.profile @@ -25,6 +25,7 @@ nonewprivs # noroot nosound notv +nou2f novideo nonewprivs protocol unix diff --git a/etc/calibre.profile b/etc/calibre.profile index 7a5d798c5..ed0304b4a 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/calligra.profile b/etc/calligra.profile index ab2845db4..649e87f95 100644 --- a/etc/calligra.profile +++ b/etc/calligra.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix seccomp diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile index c8b8be04e..9d3eb65f8 100644 --- a/etc/checkbashisms.profile +++ b/etc/checkbashisms.profile @@ -36,6 +36,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 0159bddae..599e81663 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile index fc3df86db..5815be9fb 100644 --- a/etc/chromium-common.profile +++ b/etc/chromium-common.profile @@ -27,6 +27,7 @@ nodbus nodvd nogroups notv +nou2f shell none disable-mnt diff --git a/etc/cin.profile b/etc/cin.profile index 92baef33a..cf797723d 100644 --- a/etc/cin.profile +++ b/etc/cin.profile @@ -21,6 +21,7 @@ nodvd #nogroups nonewprivs notv +nou2f noroot protocol unix diff --git a/etc/clamav.profile b/etc/clamav.profile index cf46b8582..362cf8b35 100644 --- a/etc/clamav.profile +++ b/etc/clamav.profile @@ -18,6 +18,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/clamtk.profile b/etc/clamtk.profile index d916381b2..b6f6169ac 100644 --- a/etc/clamtk.profile +++ b/etc/clamtk.profile @@ -16,6 +16,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/clementine.profile b/etc/clementine.profile index a72bc39cf..dbf465500 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile @@ -23,6 +23,7 @@ caps.drop all nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 # blacklisting of ioprio_set system calls breaks clementine diff --git a/etc/clion.profile b/etc/clion.profile index bcb18114e..9d559bd3a 100644 --- a/etc/clion.profile +++ b/etc/clion.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/clipit.profile b/etc/clipit.profile index fd6fbd61b..dbd261946 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/code.profile b/etc/code.profile index ab69008f1..496222e4b 100644 --- a/etc/code.profile +++ b/etc/code.profile @@ -21,6 +21,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/conky.profile b/etc/conky.profile index f6d07d6de..389b56783 100644 --- a/etc/conky.profile +++ b/etc/conky.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/corebird.profile b/etc/corebird.profile index c7f8a8874..16f531096 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile @@ -24,6 +24,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/cower.profile b/etc/cower.profile index dcc388f87..42a1f91cc 100644 --- a/etc/cower.profile +++ b/etc/cower.profile @@ -33,6 +33,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/cpio.profile b/etc/cpio.profile index 3c7d0748c..4593ffa0d 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile @@ -24,6 +24,7 @@ nodvd nonewprivs nosound notv +nou2f novideo seccomp shell none diff --git a/etc/curl.profile b/etc/curl.profile index e77b8bf4f..7b5e7e9ae 100644 --- a/etc/curl.profile +++ b/etc/curl.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/darktable.profile b/etc/darktable.profile index 74144e68e..0cbde2ee4 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 8f5961647..c7a0b40d3 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/deluge.profile b/etc/deluge.profile index 27ca036ca..c01f16588 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile @@ -34,6 +34,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index da59fc71a..d49808ea3 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/dia.profile b/etc/dia.profile index fdc40980f..48aae15cd 100644 --- a/etc/dia.profile +++ b/etc/dia.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/dig.profile b/etc/dig.profile index 4b6ab0975..05eb93fd1 100644 --- a/etc/dig.profile +++ b/etc/dig.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/dillo.profile b/etc/dillo.profile index 8c3da1b3e..57a0628b5 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile @@ -28,6 +28,7 @@ nodvd nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp tracelog diff --git a/etc/dino.profile b/etc/dino.profile index a39ec8931..aa05bf518 100644 --- a/etc/dino.profile +++ b/etc/dino.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/discord-common.profile b/etc/discord-common.profile index babef37b1..0db05de05 100644 --- a/etc/discord-common.profile +++ b/etc/discord-common.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/display.profile b/etc/display.profile index 41a426375..ebb3d46c5 100644 --- a/etc/display.profile +++ b/etc/display.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix seccomp shell none diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index ce73d7e72..3b8543129 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile @@ -24,6 +24,7 @@ nodvd nonewprivs nosound notv +nou2f novideo seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index d68806945..5da1d95e1 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile @@ -24,6 +24,7 @@ nodvd nonewprivs nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/dooble.profile b/etc/dooble.profile index df68a4aef..79d36a973 100644 --- a/etc/dooble.profile +++ b/etc/dooble.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/dosbox.profile b/etc/dosbox.profile index 319daf407..ba73dca9e 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile @@ -25,6 +25,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/dragon.profile b/etc/dragon.profile index 9f41bf87a..80f2284c5 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile @@ -25,6 +25,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 24b69e118..eaf1c3e6d 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile @@ -34,6 +34,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/electrum.profile b/etc/electrum.profile index b3e1ab36f..308d3c284 100644 --- a/etc/electrum.profile +++ b/etc/electrum.profile @@ -37,6 +37,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/elinks.profile b/etc/elinks.profile index bafc19e1a..c20b7f4d0 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/enchant.profile b/etc/enchant.profile index cf7d76b4c..a765000c3 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/engrampa.profile b/etc/engrampa.profile index eaf246d3c..3f18b4fc6 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/enpass.profile b/etc/enpass.profile index 3a30f8b04..e58da7598 100644 --- a/etc/enpass.profile +++ b/etc/enpass.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/eog.profile b/etc/eog.profile index 017fe5c75..0e7a8d928 100644 --- a/etc/eog.profile +++ b/etc/eog.profile @@ -30,6 +30,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/eom.profile b/etc/eom.profile index a0ce712c8..7d9937159 100644 --- a/etc/eom.profile +++ b/etc/eom.profile @@ -30,6 +30,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/etr.profile b/etc/etr.profile index 5c01636cc..82c93b7a8 100644 --- a/etc/etr.profile +++ b/etc/etr.profile @@ -24,6 +24,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,netlink seccomp shell none diff --git a/etc/evince.profile b/etc/evince.profile index ea46ccc40..4f514f9e9 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -30,6 +30,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/evolution.profile b/etc/evolution.profile index f691b3c3d..db1af275b 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 2666397f4..b16b5e297 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/falkon.profile b/etc/falkon.profile index 41e1386dd..e5ed66751 100644 --- a/etc/falkon.profile +++ b/etc/falkon.profile @@ -28,6 +28,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink # blacklisting of chroot system calls breaks falkon seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice diff --git a/etc/fbreader.profile b/etc/fbreader.profile index c5afde9ec..c0f148d65 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/feh.profile b/etc/feh.profile index 197581ae7..ec87e7916 100644 --- a/etc/feh.profile +++ b/etc/feh.profile @@ -22,6 +22,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile index d9b347d70..9b35ad0e7 100644 --- a/etc/fetchmail.profile +++ b/etc/fetchmail.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index 09574ffb7..ef54de241 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile @@ -22,6 +22,7 @@ nodbus nodvd nosound notv +nou2f novideo nonewprivs noroot diff --git a/etc/file-roller.profile b/etc/file-roller.profile index 11883f03e..c1c51df52 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/file.profile b/etc/file.profile index fbeea83a8..48a6cec3f 100644 --- a/etc/file.profile +++ b/etc/file.profile @@ -23,6 +23,7 @@ nogroups nonewprivs nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 7a5ad4301..3f8e5e109 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 8ed26e22f..528423583 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile @@ -35,6 +35,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice shell none diff --git a/etc/flameshot.profile b/etc/flameshot.profile index e4987280a..ff576610b 100644 --- a/etc/flameshot.profile +++ b/etc/flameshot.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/flowblade.profile b/etc/flowblade.profile index bc95a2b51..ce7bff61d 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile @@ -28,6 +28,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/fontforge.profile b/etc/fontforge.profile index 2ae80964d..07fef9ed6 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile @@ -30,6 +30,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/franz.profile b/etc/franz.profile index fbe1c0f65..f46ebe604 100644 --- a/etc/franz.profile +++ b/etc/franz.profile @@ -30,6 +30,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/freecad.profile b/etc/freecad.profile index 934f1d0fb..0c0647eaf 100644 --- a/etc/freecad.profile +++ b/etc/freecad.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/freshclam.profile b/etc/freshclam.profile index 4e224dd3e..35b9d1ad7 100644 --- a/etc/freshclam.profile +++ b/etc/freshclam.profile @@ -16,6 +16,7 @@ nogroups nonewprivs nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 279e5d403..a618a6465 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,netlink seccomp shell none diff --git a/etc/gajim.profile b/etc/gajim.profile index 90ba59954..a93f38485 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile @@ -38,6 +38,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp diff --git a/etc/galculator.profile b/etc/galculator.profile index 699fb7d78..5af950e9b 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/gcloud.profile b/etc/gcloud.profile index 195dc9302..aeb377118 100644 --- a/etc/gcloud.profile +++ b/etc/gcloud.profile @@ -24,6 +24,7 @@ nodvd nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/geany.profile b/etc/geany.profile index d69bca1ad..1be34e6a8 100644 --- a/etc/geany.profile +++ b/etc/geany.profile @@ -21,6 +21,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gedit.profile b/etc/gedit.profile index 1a4d9634a..875f47a0f 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile @@ -30,6 +30,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/geeqie.profile b/etc/geeqie.profile index 3fbe245d6..a24e75476 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/gimp.profile b/etc/gimp.profile index fa27d2cea..3a3b2061f 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix seccomp shell none diff --git a/etc/git.profile b/etc/git.profile index 9c8d22fd3..40beaf2da 100644 --- a/etc/git.profile +++ b/etc/git.profile @@ -30,6 +30,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gitg.profile b/etc/gitg.profile index 87d8c0a1f..83e11c4d9 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gitter.profile b/etc/gitter.profile index b5bedb66d..f473e18ea 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/gjs.profile b/etc/gjs.profile index a603ad695..be8484278 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/globaltime.profile b/etc/globaltime.profile index e414abf8c..59a117a7b 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index 62b67b942..1a9ca7641 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile @@ -26,6 +26,7 @@ nodvd nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 6fc2671d8..24aeaeb9d 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile index 3b7e3d53a..33c13360f 100644 --- a/etc/gnome-builder.profile +++ b/etc/gnome-builder.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 315564ee5..f6632c2c2 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 74194cb33..348ef1798 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index a914c302f..66a362707 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile @@ -24,6 +24,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index 91593c89b..93af764e7 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index 44886d562..ce75d6fea 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index e11d6eb5d..751295f23 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile index edb895794..03f4e5dee 100644 --- a/etc/gnome-logs.profile +++ b/etc/gnome-logs.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index f8ff61d84..01facaaa8 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 9ba4969e5..4acbf7a42 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile @@ -21,6 +21,7 @@ caps.drop all nogroups nonewprivs noroot +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/gnome-mpv.profile b/etc/gnome-mpv.profile index 84a70c4c5..d8f66fb46 100644 --- a/etc/gnome-mpv.profile +++ b/etc/gnome-mpv.profile @@ -24,6 +24,7 @@ nodbus nogroups nonewprivs noroot +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index 819c40c98..3347d7070 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile @@ -31,6 +31,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix seccomp diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index 5a3ac53d8..097c0e747 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix seccomp shell none diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile index ed6d341eb..4c36e9c0a 100644 --- a/etc/gnome-recipes.profile +++ b/etc/gnome-recipes.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile index e670ba22f..c260ada1a 100644 --- a/etc/gnome-twitch.profile +++ b/etc/gnome-twitch.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 4d28278b1..20aa56c6d 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/goobox.profile b/etc/goobox.profile index ba949f1c9..b004c56db 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile @@ -22,6 +22,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/google-earth.profile b/etc/google-earth.profile index bafa716d1..ab49de4d8 100644 --- a/etc/google-earth.profile +++ b/etc/google-earth.profile @@ -37,6 +37,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index 7a19cc676..c31aace87 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/gpa.profile b/etc/gpa.profile index c890beb2e..fed06dadd 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile @@ -22,6 +22,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index 0cc17b366..f0703a3a8 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gpg.profile b/etc/gpg.profile index 259a95807..9ddcc3d54 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/gpicview.profile b/etc/gpicview.profile index 04aecc782..f39ed5e95 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/gpredict.profile b/etc/gpredict.profile index ea60e7287..4884c9fa1 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 6c4de8bf0..6b3c844cb 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile index 775c79521..7d6124538 100644 --- a/etc/guayadeque.profile +++ b/etc/guayadeque.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index 88e441b14..ab5fe324c 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/gwenview.profile b/etc/gwenview.profile index cf9b27e0f..00b64b3e0 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile @@ -34,6 +34,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix seccomp diff --git a/etc/gzip.profile b/etc/gzip.profile index 9157d398a..0c43a7ab2 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile @@ -17,6 +17,7 @@ nodbus nodvd nosound notv +nou2f novideo shell none tracelog diff --git a/etc/handbrake.profile b/etc/handbrake.profile index 32da097ce..40f16ffc7 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile @@ -26,6 +26,7 @@ nodbus nogroups nonewprivs noroot +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/hashcat.profile b/etc/hashcat.profile index 8bc861dde..c2a498af4 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 542771639..e479ead30 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile @@ -25,6 +25,7 @@ nogroups nonewprivs noroot notv +nou2f seccomp tracelog diff --git a/etc/hexchat.profile b/etc/hexchat.profile index a2c163e6a..24981c4ae 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile @@ -36,6 +36,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/highlight.profile b/etc/highlight.profile index d313f2769..6f3440b1b 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/hugin.profile b/etc/hugin.profile index 35505c698..93fb8003b 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile index 06328ccbf..1f460822a 100644 --- a/etc/idea.sh.profile +++ b/etc/idea.sh.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/imagej.profile b/etc/imagej.profile index 4de064390..a218b89a5 100644 --- a/etc/imagej.profile +++ b/etc/imagej.profile @@ -30,6 +30,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/img2txt.profile b/etc/img2txt.profile index c9ee18f80..501f390cb 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/inkscape.profile b/etc/inkscape.profile index 56fdfd081..129d04098 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/itch.profile b/etc/itch.profile index 2ad669952..d2e32e9a1 100644 --- a/etc/itch.profile +++ b/etc/itch.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 3a280dab7..f0ffcd0d6 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile @@ -33,6 +33,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/kaffeine.profile b/etc/kaffeine.profile index 204c20501..8fe79166c 100644 --- a/etc/kaffeine.profile +++ b/etc/kaffeine.profile @@ -29,6 +29,7 @@ netfilter nogroups nonewprivs noroot +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/kate.profile b/etc/kate.profile index 8a53a56a8..7a92cff53 100644 --- a/etc/kate.profile +++ b/etc/kate.profile @@ -33,6 +33,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/kcalc.profile b/etc/kcalc.profile index 20ad8f23a..563776166 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile @@ -33,6 +33,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile index 76de15ccf..523a71efc 100644 --- a/etc/kdeinit4.profile +++ b/etc/kdeinit4.profile @@ -22,6 +22,7 @@ nogroups nonewprivs # nosound - disabled for knotify noroot +nou2f novideo notv protocol unix,inet,inet6,netlink diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile index 4aca10995..ce86bae3d 100644 --- a/etc/kdenlive.profile +++ b/etc/kdenlive.profile @@ -25,6 +25,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,netlink seccomp shell none diff --git a/etc/keepass.profile b/etc/keepass.profile index e27248357..ea55c6a23 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 94aaa5597..007c49f4a 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile @@ -32,6 +32,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index a00d17878..752ad4e98 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile @@ -34,6 +34,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/kget.profile b/etc/kget.profile index a32b51626..71d39bc95 100644 --- a/etc/kget.profile +++ b/etc/kget.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/kino.profile b/etc/kino.profile index cda86ddc6..703ee8c9a 100644 --- a/etc/kino.profile +++ b/etc/kino.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix seccomp diff --git a/etc/kmail.profile b/etc/kmail.profile index 308a981f7..1f85335c3 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile @@ -46,6 +46,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6,netlink # we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls diff --git a/etc/kodi.profile b/etc/kodi.profile index 9dd7770ad..5f9a4a87e 100644 --- a/etc/kodi.profile +++ b/etc/kodi.profile @@ -32,6 +32,7 @@ netfilter nogroups nonewprivs noroot +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/konversation.profile b/etc/konversation.profile index b66f40600..68d365a7a 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile @@ -25,6 +25,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/kopete.profile b/etc/kopete.profile index d7829113d..294f9f8cf 100644 --- a/etc/kopete.profile +++ b/etc/kopete.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp writable-var diff --git a/etc/krita.profile b/etc/krita.profile index 5a1f3d031..5fd56d61e 100644 --- a/etc/krita.profile +++ b/etc/krita.profile @@ -35,6 +35,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index 14ee3322c..5d3092ed1 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile @@ -45,6 +45,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile index ca7c5042d..6d4dcfd3f 100644 --- a/etc/kwin_x11.profile +++ b/etc/kwin_x11.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/kwrite.profile b/etc/kwrite.profile index f080b3ffc..d2eeb83c1 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile @@ -35,6 +35,7 @@ nonewprivs noroot # nosound - KWrite is using ALSA! notv +nou2f novideo protocol unix seccomp diff --git a/etc/leafpad.profile b/etc/leafpad.profile index d3335893f..e91f9e8a5 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/less.profile b/etc/less.profile index a08d2c547..310075124 100644 --- a/etc/less.profile +++ b/etc/less.profile @@ -17,6 +17,7 @@ nodbus nodvd nosound notv +nou2f novideo shell none tracelog diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 905dd22b9..0777e34bc 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile @@ -36,6 +36,7 @@ nogroups #nonewprivs - fix for Ubuntu 18.04/Debian 10 noroot notv +nou2f #protocol unix,inet,inet6 - fix for Ubuntu 18.04/Debian 10 #seccomp - fix for Ubuntu 18.04/Debian 10 shell none diff --git a/etc/liferea.profile b/etc/liferea.profile index 04c649121..a980f123f 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile @@ -40,6 +40,7 @@ nonewprivs noroot # nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/linphone.profile b/etc/linphone.profile index b469b9711..4f022d088 100644 --- a/etc/linphone.profile +++ b/etc/linphone.profile @@ -30,6 +30,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/lmms.profile b/etc/lmms.profile index d3ef1b40e..6091ee9fa 100644 --- a/etc/lmms.profile +++ b/etc/lmms.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix seccomp diff --git a/etc/lollypop.profile b/etc/lollypop.profile index efd40e899..92335c4cf 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile @@ -31,6 +31,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index a4ccefb6d..61c4ef3fc 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 4b3c457f6..c3b532534 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 7c3334075..a4f90da01 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix seccomp diff --git a/etc/lynx.profile b/etc/lynx.profile index f5ec44fda..35385059a 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile index 4107d91ad..e640b6ad2 100644 --- a/etc/macrofusion.profile +++ b/etc/macrofusion.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index 874fcf8cb..a5a1ca6ef 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index c3a3ee446..fed1e0643 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index b0bd99519..fd51ede4c 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/mcabber.profile b/etc/mcabber.profile index 0ed8952e5..7445d0434 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile @@ -22,6 +22,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol inet,inet6 seccomp diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index 7556098a7..a36d7d1c1 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index e53ced860..58aa9520a 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile @@ -38,6 +38,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/meld.profile b/etc/meld.profile index 1a7935800..2c939be1a 100644 --- a/etc/meld.profile +++ b/etc/meld.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/min.profile b/etc/min.profile index 91c6fce3c..730053735 100644 --- a/etc/min.profile +++ b/etc/min.profile @@ -33,6 +33,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/minetest.profile b/etc/minetest.profile index 3e06b6d30..01680c151 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile @@ -28,6 +28,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/mousepad.profile b/etc/mousepad.profile index 421637509..bd3b84449 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix seccomp shell none diff --git a/etc/mpd.profile b/etc/mpd.profile index 709f2ef89..dde26db24 100644 --- a/etc/mpd.profile +++ b/etc/mpd.profile @@ -25,6 +25,7 @@ nodvd nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/mplayer.profile b/etc/mplayer.profile index 29ef21b9d..1af2ea3d4 100644 --- a/etc/mplayer.profile +++ b/etc/mplayer.profile @@ -24,6 +24,7 @@ netfilter # nogroups nonewprivs noroot +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/mpv.profile b/etc/mpv.profile index 5747cd3fa..fcd233195 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile @@ -34,6 +34,7 @@ nodbus nogroups nonewprivs noroot +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/ms-office.profile b/etc/ms-office.profile index cedc5eff4..d0931da58 100644 --- a/etc/ms-office.profile +++ b/etc/ms-office.profile @@ -28,6 +28,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/multimc5.profile b/etc/multimc5.profile index 2b63c2032..b8d590f47 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile @@ -35,6 +35,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 # seccomp diff --git a/etc/mupdf.profile b/etc/mupdf.profile index b49597e00..fa0d9ae26 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index ba010d6a3..32c9ce1a4 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile @@ -24,6 +24,7 @@ noroot nogroups nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/mutt.profile b/etc/mutt.profile index 6cb09ec78..a98518a60 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile @@ -47,6 +47,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/ncdu.profile b/etc/ncdu.profile index fa566b9fd..7ce53c490 100644 --- a/etc/ncdu.profile +++ b/etc/ncdu.profile @@ -17,6 +17,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/neverball.profile b/etc/neverball.profile index 5e6032ae5..53002cdf6 100644 --- a/etc/neverball.profile +++ b/etc/neverball.profile @@ -25,6 +25,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,netlink seccomp diff --git a/etc/nylas.profile b/etc/nylas.profile index 28305a203..79e535893 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/obs.profile b/etc/obs.profile index 611ecdd67..904ece191 100644 --- a/etc/obs.profile +++ b/etc/obs.profile @@ -31,6 +31,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 59470f3bb..5779ac771 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/okular.profile b/etc/okular.profile index 0f15500af..169f024aa 100644 --- a/etc/okular.profile +++ b/etc/okular.profile @@ -39,6 +39,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile index 1c93ef9b9..3d87d7770 100644 --- a/etc/onionshare-gui.profile +++ b/etc/onionshare-gui.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 1cd9e9537..72b1fec65 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,netlink seccomp shell none diff --git a/etc/openshot.profile b/etc/openshot.profile index 242511243..d335e31ff 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile @@ -32,6 +32,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/orage.profile b/etc/orage.profile index 8fc6330d9..b8ae71524 100644 --- a/etc/orage.profile +++ b/etc/orage.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/patch.profile b/etc/patch.profile index 8fa6ac966..a918c3604 100644 --- a/etc/patch.profile +++ b/etc/patch.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile index f6a615632..8fe14e98f 100644 --- a/etc/pdfchain.profile +++ b/etc/pdfchain.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile index 34cf5e44f..ceb36ed57 100644 --- a/etc/pdfmod.profile +++ b/etc/pdfmod.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index a09ab0a8a..585e1b164 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile @@ -33,6 +33,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index d162f45b5..9f7c3c0fe 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/peek.profile b/etc/peek.profile index edc43d006..3895281b3 100644 --- a/etc/peek.profile +++ b/etc/peek.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/picard.profile b/etc/picard.profile index 8474eeda6..ba1d0d9c8 100644 --- a/etc/picard.profile +++ b/etc/picard.profile @@ -33,6 +33,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/pidgin.profile b/etc/pidgin.profile index e891f5fd8..7ecac2ccc 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/ping.profile b/etc/ping.profile index 2b20bf8c9..2cde2a3e8 100644 --- a/etc/ping.profile +++ b/etc/ping.profile @@ -27,6 +27,7 @@ nogroups #noroot nosound notv +nou2f novideo # protocol command is built using seccomp; nonewprivs will kill it @@ -47,5 +48,3 @@ private-tmp #memory-deny-write-execute noexec ${HOME} noexec /tmp - - diff --git a/etc/pingus.profile b/etc/pingus.profile index 4ce584d1e..ab75eb27f 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,netlink seccomp shell none diff --git a/etc/pinta.profile b/etc/pinta.profile index 506918b92..35dcdccd6 100644 --- a/etc/pinta.profile +++ b/etc/pinta.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/pithos.profile b/etc/pithos.profile index cbe7ac9c6..ef3b473b7 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile @@ -30,6 +30,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/pitivi.profile b/etc/pitivi.profile index 6f6aed117..62e821509 100644 --- a/etc/pitivi.profile +++ b/etc/pitivi.profile @@ -31,6 +31,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix seccomp diff --git a/etc/pix.profile b/etc/pix.profile index dfc6d780e..d48f2fdc1 100644 --- a/etc/pix.profile +++ b/etc/pix.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/pluma.profile b/etc/pluma.profile index 832e7a3f4..3b6db6ea0 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/polari.profile b/etc/polari.profile index cb6b0f73c..27a75ac65 100644 --- a/etc/polari.profile +++ b/etc/polari.profile @@ -35,6 +35,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index d2612c95c..9a96f15e6 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile @@ -32,6 +32,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile index 02c35b104..fcb979d93 100644 --- a/etc/pybitmessage.profile +++ b/etc/pybitmessage.profile @@ -33,6 +33,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile index 89bb9dadf..14bfc7e24 100644 --- a/etc/pycharm-community.profile +++ b/etc/pycharm-community.profile @@ -26,6 +26,7 @@ nodvd nogroups nosound notv +nou2f novideo shell none tracelog diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 4ba5d3871..9f96c321f 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -45,6 +45,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/qlipper.profile b/etc/qlipper.profile index 1293fa30d..74c966a44 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/qmmp.profile b/etc/qmmp.profile index 9d127731f..86b802760 100644 --- a/etc/qmmp.profile +++ b/etc/qmmp.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 3063010cc..b10ea5bc6 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/qtox.profile b/etc/qtox.profile index 3c1697085..8c625ce31 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile @@ -28,6 +28,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 368a3d996..3cb4c9a0d 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -37,6 +37,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index e73e8a5e1..d1d1a1054 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink # blacklisting of chroot system calls breaks qupzilla seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice diff --git a/etc/ranger.profile b/etc/ranger.profile index fe4131e88..c5eb0b60d 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile @@ -35,6 +35,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/redeclipse.profile b/etc/redeclipse.profile index 7271ac2f4..aed69ea17 100644 --- a/etc/redeclipse.profile +++ b/etc/redeclipse.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/remmina.profile b/etc/remmina.profile index 51c0f2d17..29e7fbd35 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 7dc6470f9..50d98d427 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/ricochet.profile b/etc/ricochet.profile index 2e2143a54..f4c1ad7af 100644 --- a/etc/ricochet.profile +++ b/etc/ricochet.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/ristretto.profile b/etc/ristretto.profile index bb2a7e95b..ab7564c82 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index bdc5b9232..a259bcfa8 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile @@ -21,6 +21,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/sayonara.profile b/etc/sayonara.profile index 8a369be7e..09b909a33 100644 --- a/etc/sayonara.profile +++ b/etc/sayonara.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/scallion.profile b/etc/scallion.profile index 35cd04f8f..c046dc7a1 100644 --- a/etc/scallion.profile +++ b/etc/scallion.profile @@ -30,6 +30,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/scribus.profile b/etc/scribus.profile index 375983667..123251432 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile @@ -50,6 +50,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index a2a54f838..ad3d0acf2 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/server.profile b/etc/server.profile index 8d3382dee..e02b2591b 100644 --- a/etc/server.profile +++ b/etc/server.profile @@ -33,6 +33,7 @@ nodvd # noroot nosound notv +nou2f novideo seccomp # shell none diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile index 90fc9cb8c..10f188f00 100644 --- a/etc/shellcheck.profile +++ b/etc/shellcheck.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/shotcut.profile b/etc/shotcut.profile index e5a8ce4df..b481820b4 100644 --- a/etc/shotcut.profile +++ b/etc/shotcut.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix seccomp shell none diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile index c52f45f31..f44723bee 100644 --- a/etc/signal-desktop.profile +++ b/etc/signal-desktop.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index 0fa19e610..850b33a2b 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/simutrans.profile b/etc/simutrans.profile index 3722d9414..b19ed1c39 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix seccomp shell none diff --git a/etc/skype.profile b/etc/skype.profile index 04f15b454..b0aeaecff 100644 --- a/etc/skype.profile +++ b/etc/skype.profile @@ -20,6 +20,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/slack.profile b/etc/slack.profile index ba77a16b9..45a8c8298 100644 --- a/etc/slack.profile +++ b/etc/slack.profile @@ -29,6 +29,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 6d8355e6f..7e1f98a09 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile @@ -27,6 +27,7 @@ netfilter # nogroups nonewprivs noroot +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/smtube.profile b/etc/smtube.profile index 430b4e5cf..41d8ef5a5 100644 --- a/etc/smtube.profile +++ b/etc/smtube.profile @@ -28,6 +28,7 @@ caps.drop all netfilter nodvd notv +nou2f novideo nogroups nonewprivs diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index 69efe5244..867d21d0e 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile @@ -32,6 +32,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/spotify.profile b/etc/spotify.profile index 3adf3183c..e8d251b8f 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile @@ -37,6 +37,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index 0f030d559..fe8ee8e5f 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/ssh.profile b/etc/ssh.profile index 584294f05..306cdf171 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile @@ -25,6 +25,7 @@ nonewprivs # noroot - see issue #1543 nosound notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile index 9f62b42c5..67e356123 100644 --- a/etc/standardnotes-desktop.profile +++ b/etc/standardnotes-desktop.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix,inet,inet6,netlink seccomp diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index 4d9ebcb2e..2ccd2f61f 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice diff --git a/etc/steam.profile b/etc/steam.profile index 903384ecf..7928d8526 100644 --- a/etc/steam.profile +++ b/etc/steam.profile @@ -55,6 +55,7 @@ nogroups nonewprivs noroot notv +nou2f # novideo should be commented for VR novideo protocol unix,inet,inet6,netlink diff --git a/etc/stellarium.profile b/etc/stellarium.profile index cddbd99d6..bbbc5c084 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile @@ -31,6 +31,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/strings.profile b/etc/strings.profile index ae2fbf18f..9e5d88ef0 100644 --- a/etc/strings.profile +++ b/etc/strings.profile @@ -16,6 +16,7 @@ nodbus nodvd nosound notv +nou2f novideo shell none tracelog diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 84083e9aa..b1fea064c 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,netlink seccomp shell none diff --git a/etc/surf.profile b/etc/surf.profile index 3d40ea49b..fbec118bc 100644 --- a/etc/surf.profile +++ b/etc/surf.profile @@ -23,6 +23,7 @@ nodvd nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/sylpheed.profile b/etc/sylpheed.profile index 5f30c95ba..04b36c731 100644 --- a/etc/sylpheed.profile +++ b/etc/sylpheed.profile @@ -22,6 +22,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 0fc59fd17..27b7604e3 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/tar.profile b/etc/tar.profile index 7409393c6..a10581341 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -18,6 +18,7 @@ nodbus nodvd nosound notv +nou2f novideo shell none tracelog diff --git a/etc/teamspeak3.profile b/etc/teamspeak3.profile index 55a95157d..63751a7d5 100644 --- a/etc/teamspeak3.profile +++ b/etc/teamspeak3.profile @@ -29,6 +29,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6,netlink seccomp diff --git a/etc/terasology.profile b/etc/terasology.profile index fa45eb880..9c17ff46a 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile @@ -36,6 +36,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/tor.profile b/etc/tor.profile index ddaa9806c..ed14ead56 100644 --- a/etc/tor.profile +++ b/etc/tor.profile @@ -34,6 +34,7 @@ nogroups nonewprivs nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 307377acc..c73121126 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile @@ -38,6 +38,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice diff --git a/etc/totem.profile b/etc/totem.profile index bfa5883e2..03e30a40a 100644 --- a/etc/totem.profile +++ b/etc/totem.profile @@ -27,6 +27,7 @@ netfilter nogroups nonewprivs noroot +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index 1a22a713c..b60fbf99c 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 758205ccf..65b5547b1 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile @@ -33,6 +33,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index c8eb9e326..31935039e 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile @@ -33,6 +33,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 06b79effd..1e5dc3ef2 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/truecraft.profile b/etc/truecraft.profile index 1eb7b65ba..ad021c13e 100644 --- a/etc/truecraft.profile +++ b/etc/truecraft.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index d467e1a83..da6f935d7 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile @@ -34,6 +34,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/uefitool.profile b/etc/uefitool.profile index d4016d061..0548bb323 100644 --- a/etc/uefitool.profile +++ b/etc/uefitool.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 3c3c685e0..37361e7eb 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile @@ -24,6 +24,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/unbound.profile b/etc/unbound.profile index 5bc350e8d..e7862add7 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile @@ -27,6 +27,7 @@ nodvd nonewprivs nosound notv +nou2f novideo seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open writable-var diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index 5b2944a88..e5a35529a 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile @@ -22,6 +22,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,netlink,inet,inet6 seccomp shell none diff --git a/etc/unrar.profile b/etc/unrar.profile index c8c72f1f3..adc356a10 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile @@ -18,6 +18,7 @@ nodbus nodvd nosound notv +nou2f novideo shell none tracelog diff --git a/etc/unzip.profile b/etc/unzip.profile index 0b8b0cc50..95c9913a4 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile @@ -18,6 +18,7 @@ nodbus nodvd nosound notv +nou2f novideo shell none tracelog diff --git a/etc/uudeview.profile b/etc/uudeview.profile index d1130960d..62dea4244 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile @@ -15,6 +15,7 @@ nodbus nodvd nosound notv +nou2f novideo shell none tracelog diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 08f9fd309..025e0fae8 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile @@ -28,6 +28,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/viking.profile b/etc/viking.profile index 624cb962b..01786b4e1 100644 --- a/etc/viking.profile +++ b/etc/viking.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/vim.profile b/etc/vim.profile index 1f98a018a..33b406c24 100644 --- a/etc/vim.profile +++ b/etc/vim.profile @@ -21,6 +21,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/vlc.profile b/etc/vlc.profile index 594a5944b..d911360a7 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile @@ -28,6 +28,7 @@ netfilter nogroups nonewprivs noroot +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/vym.profile b/etc/vym.profile index bb044069d..cd9bb0ac1 100644 --- a/etc/vym.profile +++ b/etc/vym.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/w3m.profile b/etc/w3m.profile index 858b30a5f..270456a60 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 632a56074..b291693d9 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile @@ -28,6 +28,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/webstorm.profile b/etc/webstorm.profile index 1a77fd833..51596909e 100644 --- a/etc/webstorm.profile +++ b/etc/webstorm.profile @@ -30,6 +30,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 215d2e72d..93ca13c36 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile @@ -29,6 +29,7 @@ nodvd nonewprivs noroot notv +nou2f protocol unix,inet,inet6 seccomp diff --git a/etc/wget.profile b/etc/wget.profile index abe2436d7..655756ffb 100644 --- a/etc/wget.profile +++ b/etc/wget.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/whois.profile b/etc/whois.profile index 3ef2e1476..3c7ae7200 100644 --- a/etc/whois.profile +++ b/etc/whois.profile @@ -26,6 +26,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol inet,inet6 seccomp diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index 64d2cefd5..1791d6274 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile @@ -26,6 +26,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix,inet,inet6,netlink seccomp shell none diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 330f0140e..dc100bc91 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile @@ -36,6 +36,7 @@ no3d nodvd nosound notv +nou2f novideo # protocol unix,inet,inet6,netlink # seccomp - breaks network traffic capture for unprivileged users diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile index ac8f0fe2a..31700b0af 100644 --- a/etc/x-terminal-emulator.profile +++ b/etc/x-terminal-emulator.profile @@ -12,6 +12,7 @@ netfilter nodbus nogroups noroot +nou2f protocol unix seccomp diff --git a/etc/xcalc.profile b/etc/xcalc.profile index dd7c66523..d78cd49d4 100644 --- a/etc/xcalc.profile +++ b/etc/xcalc.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/xed.profile b/etc/xed.profile index f65b52658..e58ab499e 100644 --- a/etc/xed.profile +++ b/etc/xed.profile @@ -33,6 +33,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile index e84c78b24..21d1cd3c0 100644 --- a/etc/xfce4-dict.profile +++ b/etc/xfce4-dict.profile @@ -23,6 +23,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index 99aeebb7f..fb8297117 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile @@ -25,6 +25,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 703579562..67fd6fce8 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/xmms.profile b/etc/xmms.profile index d016e0c23..4d88b87f2 100644 --- a/etc/xmms.profile +++ b/etc/xmms.profile @@ -21,6 +21,7 @@ no3d nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile index 7a445f6a5..03fba1d0c 100644 --- a/etc/xmr-stak.profile +++ b/etc/xmr-stak.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/xonotic.profile b/etc/xonotic.profile index a7e8edc0f..2e14f22d3 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile @@ -27,6 +27,7 @@ nogroups nonewprivs noroot notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/xpdf.profile b/etc/xpdf.profile index c12a3437c..10dfea2a7 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/xplayer.profile b/etc/xplayer.profile index f51362b6b..ba43f328c 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile @@ -32,6 +32,7 @@ netfilter nogroups nonewprivs noroot +nou2f protocol unix,inet,inet6 seccomp shell none diff --git a/etc/xpra.profile b/etc/xpra.profile index 960c493b9..34ce0276c 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile @@ -41,6 +41,7 @@ nonewprivs #noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/xreader.profile b/etc/xreader.profile index 25e790fe0..d6acbc1f0 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 7ecc1ca0b..8eb2ec4c3 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile @@ -29,6 +29,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix seccomp diff --git a/etc/xzdec.profile b/etc/xzdec.profile index 796c1d642..2664953f0 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile @@ -17,6 +17,7 @@ nodbus nodvd nosound notv +nou2f novideo shell none tracelog diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 75d4514b6..3a224c391 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile @@ -36,6 +36,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile index 872719ebc..1cacfc430 100644 --- a/etc/zaproxy.profile +++ b/etc/zaproxy.profile @@ -37,6 +37,7 @@ nonewprivs noroot nosound notv +nou2f novideo protocol unix,inet,inet6 seccomp diff --git a/etc/zart.profile b/etc/zart.profile index a4b22ed5d..4ed39e9ce 100644 --- a/etc/zart.profile +++ b/etc/zart.profile @@ -25,6 +25,7 @@ nogroups nonewprivs noroot notv +nou2f protocol unix seccomp shell none diff --git a/etc/zathura.profile b/etc/zathura.profile index c1785e332..59a154df1 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile @@ -27,6 +27,7 @@ nonewprivs noroot nosound notv +nou2f protocol unix seccomp shell none -- cgit v1.2.3-54-g00ecf