From 104dde49c0744b73ce795b9a4086607232a18305 Mon Sep 17 00:00:00 2001 From: Tad Date: Sun, 13 Aug 2017 15:49:50 -0400 Subject: Fix nodvd placement --- etc/0ad.profile | 2 +- etc/2048-qt.profile | 2 +- etc/7z.profile | 2 +- etc/Cryptocat.profile | 2 +- etc/Mathematica.profile | 2 +- etc/Thunar.profile | 2 +- etc/Xephyr.profile | 2 +- etc/Xvfb.profile | 2 +- etc/abrowser.profile | 2 +- etc/akregator.profile | 2 +- etc/android-studio.profile | 2 +- etc/apktool.profile | 2 +- etc/arduino.profile | 2 +- etc/ark.profile | 2 +- etc/arm.profile | 2 +- etc/atom-beta.profile | 2 +- etc/atom.profile | 2 +- etc/atool.profile | 2 +- etc/atril.profile | 2 +- etc/audacity.profile | 2 +- etc/aweather.profile | 2 +- etc/baloo_file.profile | 2 +- etc/baobab.profile | 2 +- etc/bibletime.profile | 2 +- etc/bitlbee.profile | 2 +- etc/bleachbit.profile | 2 +- etc/blender.profile | 2 +- etc/bless.profile | 2 +- etc/brave.profile | 2 +- etc/caja.profile | 2 +- etc/calibre.profile | 2 +- etc/catfish.profile | 2 +- etc/cherrytree.profile | 2 +- etc/chromium.profile | 2 +- etc/claws-mail.profile | 2 +- etc/clipit.profile | 2 +- etc/conkeror.profile | 2 +- etc/corebird.profile | 2 +- etc/cpio.profile | 2 +- etc/curl.profile | 2 +- etc/cvlc.profile | 2 +- etc/cyberfox.profile | 2 +- etc/darktable.profile | 2 +- etc/deluge.profile | 2 +- etc/dex2jar.profile | 2 +- etc/dia.profile | 2 +- etc/digikam.profile | 2 +- etc/dillo.profile | 2 +- etc/dino.profile | 2 +- etc/display.profile | 2 +- etc/dnscrypt-proxy.profile | 2 +- etc/dnsmasq.profile | 2 +- etc/dolphin.profile | 2 +- etc/dosbox.profile | 2 +- etc/dragon.profile | 2 +- etc/dropbox.profile | 2 +- etc/electron.profile | 2 +- etc/elinks.profile | 2 +- etc/emacs.profile | 2 +- etc/empathy.profile | 2 +- etc/enchant.profile | 2 +- etc/engrampa.profile | 2 +- etc/eog.profile | 2 +- etc/eom.profile | 2 +- etc/epiphany.profile | 2 +- etc/etr.profile | 2 +- etc/evince.profile | 2 +- etc/evolution.profile | 2 +- etc/exiftool.profile | 2 +- etc/fbreader.profile | 2 +- etc/feh.profile | 2 +- etc/file-roller.profile | 2 +- etc/file.profile | 2 +- etc/filezilla.profile | 2 +- etc/firefox.profile | 2 +- etc/flashpeak-slimjet.profile | 2 +- etc/flowblade.profile | 2 +- etc/fontforge.profile | 2 +- etc/fossamail.profile | 2 +- etc/franz.profile | 2 +- etc/frozen-bubble.profile | 2 +- etc/gajim.profile | 2 +- etc/galculator.profile | 2 +- etc/geany.profile | 2 +- etc/gedit.profile | 2 +- etc/geeqie.profile | 2 +- etc/gimp.profile | 2 +- etc/git.profile | 2 +- etc/gitg.profile | 2 +- etc/gitter.profile | 2 +- etc/gjs.profile | 2 +- etc/globaltime.profile | 2 +- etc/gnome-2048.profile | 2 +- etc/gnome-books.profile | 2 +- etc/gnome-calculator.profile | 2 +- etc/gnome-chess.profile | 2 +- etc/gnome-clocks.profile | 2 +- etc/gnome-contacts.profile | 2 +- etc/gnome-documents.profile | 2 +- etc/gnome-font-viewer.profile | 2 +- etc/gnome-maps.profile | 2 +- etc/gnome-photos.profile | 2 +- etc/gnome-twitch.profile | 2 +- etc/gnome-weather.profile | 2 +- etc/goobox.profile | 2 +- etc/google-chrome-beta.profile | 2 +- etc/google-chrome-unstable.profile | 2 +- etc/google-chrome.profile | 2 +- etc/google-play-music-desktop-player.profile | 2 +- etc/gpa.profile | 2 +- etc/gpg-agent.profile | 2 +- etc/gpg.profile | 2 +- etc/gpicview.profile | 2 +- etc/gpredict.profile | 2 +- etc/gthumb.profile | 2 +- etc/gucharmap.profile | 2 +- etc/gwenview.profile | 2 +- etc/gzip.profile | 2 +- etc/hashcat.profile | 2 +- etc/hedgewars.profile | 2 +- etc/hexchat.profile | 2 +- etc/highlight.profile | 2 +- etc/hugin.profile | 2 +- etc/icecat.profile | 2 +- etc/idea.sh.profile | 2 +- etc/img2txt.profile | 2 +- etc/inkscape.profile | 2 +- etc/inox.profile | 2 +- etc/iridium.profile | 2 +- etc/jd-gui.profile | 2 +- etc/jitsi.profile | 2 +- etc/k3b.profile | 2 +- etc/kate.profile | 2 +- etc/kcalc.profile | 2 +- etc/keepass.profile | 2 +- etc/keepassx.profile | 2 +- etc/keepassx2.profile | 2 +- etc/keepassxc.profile | 2 +- etc/kmail.profile | 2 +- etc/knotes.profile | 2 +- etc/konversation.profile | 2 +- etc/ktorrent.profile | 2 +- etc/kwrite.profile | 2 +- etc/leafpad.profile | 2 +- etc/less.profile | 2 +- etc/libreoffice.profile | 2 +- etc/liferea.profile | 2 +- etc/luminance-hdr.profile | 2 +- etc/lximage-qt.profile | 2 +- etc/lxmusic.profile | 2 +- etc/lxterminal.profile | 2 +- etc/lynx.profile | 2 +- etc/mate-calc.profile | 2 +- etc/mate-color-select.profile | 2 +- etc/mate-dictionary.profile | 2 +- etc/mcabber.profile | 2 +- etc/mediainfo.profile | 2 +- etc/mediathekview.profile | 2 +- etc/meld.profile | 2 +- etc/midori.profile | 2 +- etc/mousepad.profile | 2 +- etc/multimc5.profile | 2 +- etc/mumble.profile | 2 +- etc/mupdf.profile | 2 +- etc/mupen64plus.profile | 2 +- etc/mutt.profile | 2 +- etc/nautilus.profile | 2 +- etc/nemo.profile | 2 +- etc/netsurf.profile | 2 +- etc/nylas.profile | 2 +- etc/obs.profile | 2 +- etc/odt2txt.profile | 2 +- etc/okular.profile | 2 +- etc/open-invaders.profile | 2 +- etc/openshot.profile | 2 +- etc/opera-beta.profile | 2 +- etc/opera.profile | 2 +- etc/orage.profile | 2 +- etc/palemoon.profile | 2 +- etc/parole.profile | 2 +- etc/pcmanfm.profile | 2 +- etc/pdfsam.profile | 2 +- etc/pdftotext.profile | 2 +- etc/peek.profile | 2 +- etc/picard.profile | 2 +- etc/pidgin.profile | 2 +- etc/pingus.profile | 2 +- etc/pithos.profile | 2 +- etc/pix.profile | 2 +- etc/pluma.profile | 2 +- etc/polari.profile | 2 +- etc/psi-plus.profile | 2 +- etc/qbittorrent.profile | 2 +- etc/qemu-launcher.profile | 2 +- etc/qemu-system-x86_64.profile | 2 +- etc/qlipper.profile | 2 +- etc/qpdfview.profile | 2 +- etc/qtox.profile | 2 +- etc/quassel.profile | 2 +- etc/quiterss.profile | 2 +- etc/qupzilla.profile | 2 +- etc/qutebrowser.profile | 2 +- etc/rambox.profile | 2 +- etc/ranger.profile | 2 +- etc/remmina.profile | 2 +- etc/ristretto.profile | 2 +- etc/rtorrent.profile | 2 +- etc/scribus.profile | 2 +- etc/sdat2img.profile | 2 +- etc/seamonkey.profile | 2 +- etc/server.profile | 2 +- etc/silentarmy.profile | 2 +- etc/simple-scan.profile | 2 +- etc/simutrans.profile | 2 +- etc/skanlite.profile | 2 +- etc/skype.profile | 2 +- etc/skypeforlinux.profile | 2 +- etc/slack.profile | 2 +- etc/snap.profile | 2 +- etc/soundconverter.profile | 2 +- etc/sqlitebrowser.profile | 2 +- etc/ssh-agent.profile | 2 +- etc/ssh.profile | 2 +- etc/start-tor-browser.profile | 2 +- etc/steam.profile | 2 +- etc/stellarium.profile | 2 +- etc/strings.profile | 2 +- etc/supertux2.profile | 2 +- etc/synfigstudio.profile | 2 +- etc/tar.profile | 2 +- etc/telegram.profile | 2 +- etc/tracker.profile | 2 +- etc/transmission-cli.profile | 2 +- etc/transmission-gtk.profile | 2 +- etc/transmission-qt.profile | 2 +- etc/transmission-show.profile | 2 +- etc/truecraft.profile | 2 +- etc/tuxguitar.profile | 2 +- etc/uget-gtk.profile | 2 +- etc/unbound.profile | 2 +- etc/unknown-horizons.profile | 2 +- etc/unrar.profile | 2 +- etc/unzip.profile | 2 +- etc/uudeview.profile | 2 +- etc/uzbl-browser.profile | 2 +- etc/viewnior.profile | 2 +- etc/viking.profile | 2 +- etc/vim.profile | 2 +- etc/virtualbox.profile | 2 +- etc/vivaldi.profile | 2 +- etc/vym.profile | 2 +- etc/w3m.profile | 2 +- etc/warzone2100.profile | 2 +- etc/waterfox.profile | 2 +- etc/weechat.profile | 2 +- etc/wesnoth.profile | 2 +- etc/wget.profile | 2 +- etc/wine.profile | 2 +- etc/wire.profile | 2 +- etc/wireshark.profile | 2 +- etc/xchat.profile | 2 +- etc/xed.profile | 2 +- etc/xfburn.profile | 2 +- etc/xfce4-dict.profile | 2 +- etc/xfce4-notes.profile | 2 +- etc/xiphos.profile | 2 +- etc/xonotic.profile | 2 +- etc/xpdf.profile | 2 +- etc/xpra.profile | 2 +- etc/xreader.profile | 2 +- etc/xviewer.profile | 2 +- etc/xzdec.profile | 2 +- etc/youtube-dl.profile | 2 +- etc/zathura.profile | 2 +- etc/zoom.profile | 2 +- 275 files changed, 275 insertions(+), 275 deletions(-) (limited to 'etc') diff --git a/etc/0ad.profile b/etc/0ad.profile index 5ee386268..9ca9834a8 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile @@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -40,4 +41,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index e235bd51e..06cc69503 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/7z.profile b/etc/7z.profile index 4357cbcd1..ea67bbe19 100644 --- a/etc/7z.profile +++ b/etc/7z.profile @@ -11,6 +11,7 @@ blacklist /tmp/.X11-unix ignore noroot net none no3d +nodvd nosound notv novideo @@ -20,4 +21,3 @@ tracelog private-dev include /etc/firejail/default.profile -nodvd diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index 261fe1373..add122a5e 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -25,4 +26,3 @@ shell none private-dev private-tmp -nodvd diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index b92851c0b..924f74389 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile @@ -21,8 +21,8 @@ whitelist ~/Documents/Wolfram Mathematica include /etc/firejail/whitelist-common.inc caps.drop all +nodvd nonewprivs noroot notv seccomp -nodvd diff --git a/etc/Thunar.profile b/etc/Thunar.profile index 74146d6e3..f4a5c9f54 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -27,4 +28,3 @@ protocol unix seccomp shell none tracelog -nodvd diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index 9c533437b..c0c322b67 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile @@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all # Xephyr needs to be allowed access to the abstract Unix socket namespace. +nodvd nogroups nonewprivs # In noroot mode, Xephyr cannot create a socket in the real /tmp/.X11-unix. @@ -39,4 +40,3 @@ private private-dev # private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname private-tmp -nodvd diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 69420c3a8..7921e0d06 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile @@ -23,6 +23,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all # Xvfb needs to be allowed access to the abstract Unix socket namespace. +nodvd nogroups nonewprivs # In noroot mode, Xvfb cannot create a socket in the real /tmp/.X11-unix. @@ -40,4 +41,3 @@ private private-dev private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname private-tmp -nodvd diff --git a/etc/abrowser.profile b/etc/abrowser.profile index e31b422c5..3251ef8aa 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile @@ -37,6 +37,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot notv @@ -45,4 +46,3 @@ seccomp tracelog # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse -nodvd diff --git a/etc/akregator.profile b/etc/akregator.profile index d47ce4df0..12bb06fb5 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/android-studio.profile b/etc/android-studio.profile index 07d67c639..1e1953780 100644 --- a/etc/android-studio.profile +++ b/etc/android-studio.profile @@ -20,6 +20,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-dev # private-tmp noexec /tmp -nodvd diff --git a/etc/apktool.profile b/etc/apktool.profile index 58854df3b..b4ff45c7c 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/arduino.profile b/etc/arduino.profile index d1938c01a..b529ec266 100644 --- a/etc/arduino.profile +++ b/etc/arduino.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/ark.profile b/etc/ark.profile index 2ac7089fb..2ed25a4e6 100644 --- a/etc/ark.profile +++ b/etc/ark.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ shell none private-dev # private-etc private-tmp -nodvd diff --git a/etc/arm.profile b/etc/arm.profile index a75130e4d..5845958fa 100644 --- a/etc/arm.profile +++ b/etc/arm.profile @@ -20,6 +20,7 @@ caps.drop all ipc-namespace netfilter no3d +nodvd nogroups nonewprivs noroot @@ -39,4 +40,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index 395f4e350..4869ef4ea 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ shell none private-dev private-tmp -nodvd diff --git a/etc/atom.profile b/etc/atom.profile index 2a0c46355..8629c3dd8 100644 --- a/etc/atom.profile +++ b/etc/atom.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ shell none private-dev private-tmp -nodvd diff --git a/etc/atool.profile b/etc/atool.profile index cd06b4b2a..c2e772f9d 100644 --- a/etc/atool.profile +++ b/etc/atool.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ tracelog private-dev private-etc none private-tmp -nodvd diff --git a/etc/atril.profile b/etc/atril.profile index 1c0d3a11d..7109d343e 100644 --- a/etc/atril.profile +++ b/etc/atril.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ tracelog private-bin atril, atril-previewer, atril-thumbnailer private-dev private-tmp -nodvd diff --git a/etc/audacity.profile b/etc/audacity.profile index f2e4d2b5b..b5a15b04c 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/aweather.profile b/etc/aweather.profile index 4c2664a91..ef811b330 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile @@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ tracelog private-bin aweather private-dev private-tmp -nodvd diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 80c5ea0b0..2809089e6 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile @@ -18,6 +18,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -40,4 +41,3 @@ noexec /tmp # read-only ${HOME} # read-write ${HOME}/.local/share # noexec ${HOME}/.local/share -nodvd diff --git a/etc/baobab.profile b/etc/baobab.profile index 5eef557bc..014f8869c 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/bibletime.profile b/etc/bibletime.profile index 158733660..73d31c205 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile @@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -39,4 +40,3 @@ tracelog private-dev private-etc fonts,resolv.conf,sword,sword.conf,passwd private-tmp -nodvd diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index 0566029cb..0b61e7b9f 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc netfilter no3d +nodvd nonewprivs nosound notv @@ -30,4 +31,3 @@ private-tmp read-write /var/lib/bitlbee noexec /tmp -nodvd diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 0c1670283..f3498e9b9 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ shell none memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/blender.profile b/etc/blender.profile index 438be7e41..f7ecbce55 100644 --- a/etc/blender.profile +++ b/etc/blender.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -27,4 +28,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/bless.profile b/etc/bless.profile index 6da8187b1..8285e4473 100644 --- a/etc/bless.profile +++ b/etc/bless.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/brave.profile b/etc/brave.profile index a512bd133..4a908c884 100644 --- a/etc/brave.profile +++ b/etc/brave.profile @@ -30,9 +30,9 @@ include /etc/firejail/whitelist-common.inc netfilter # nonewprivs # noroot +nodvd notv # protocol unix,inet,inet6,netlink # seccomp # disable-mnt -nodvd diff --git a/etc/caja.profile b/etc/caja.profile index 35b0ce040..d234e6c9b 100644 --- a/etc/caja.profile +++ b/etc/caja.profile @@ -19,6 +19,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -nodvd diff --git a/etc/calibre.profile b/etc/calibre.profile index d1371839c..aa0de473c 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/catfish.profile b/etc/catfish.profile index 2f9c35220..498f3b6ee 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ tracelog # private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m # private-dev # private-tmp -nodvd diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 901bfed1e..88be562c8 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/chromium.profile b/etc/chromium.profile index 7637b8ea5..37b2e51a6 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile @@ -27,6 +27,7 @@ include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin netfilter +nodvd nogroups notv shell none @@ -36,4 +37,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index d1470adfb..bc045fb77 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -27,4 +28,3 @@ shell none private-dev private-tmp -nodvd diff --git a/etc/clipit.profile b/etc/clipit.profile index 64a635efb..e6ee7b636 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/conkeror.profile b/etc/conkeror.profile index efee37106..f6a9eefb6 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile @@ -25,9 +25,9 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot notv protocol unix,inet,inet6 seccomp -nodvd diff --git a/etc/corebird.profile b/etc/corebird.profile index 39726d13a..87f7a970b 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile @@ -13,8 +13,8 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd noroot notv protocol unix,inet,inet6 seccomp -nodvd diff --git a/etc/cpio.profile b/etc/cpio.profile index 3f25393b0..f082d2e40 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile @@ -19,6 +19,7 @@ caps.drop all net none net none no3d +nodvd nosound notv seccomp @@ -26,4 +27,3 @@ shell none tracelog private-dev -nodvd diff --git a/etc/curl.profile b/etc/curl.profile index dea5b3db8..af7eabf59 100644 --- a/etc/curl.profile +++ b/etc/curl.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/cvlc.profile b/etc/cvlc.profile index b0052eeab..ee1346617 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-dev private-tmp memory-deny-write-execute -nodvd diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index 5cd75208b..63f6ea845 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile @@ -52,6 +52,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -69,4 +70,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/darktable.profile b/etc/darktable.profile index 51cb197b0..e04163486 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/deluge.profile b/etc/deluge.profile index da477e4c3..c311d2fa7 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile @@ -19,6 +19,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot nosound @@ -32,4 +33,3 @@ shell none # private-bin deluge,sh,python,uname private-dev private-tmp -nodvd diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index a3a1c4ad5..858baba6d 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/dia.profile b/etc/dia.profile index 14724c321..a625ab36d 100644 --- a/etc/dia.profile +++ b/etc/dia.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/digikam.profile b/etc/digikam.profile index 1a39f5a9d..43191ec06 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/dillo.profile b/etc/dillo.profile index e1f0594e1..aa8a395e1 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile @@ -21,10 +21,10 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot notv protocol unix,inet,inet6 seccomp tracelog -nodvd diff --git a/etc/dino.profile b/etc/dino.profile index 9355f7e6a..72f4f40b2 100644 --- a/etc/dino.profile +++ b/etc/dino.profile @@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -38,4 +39,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/display.profile b/etc/display.profile index d8bbd4423..44d37d5b2 100644 --- a/etc/display.profile +++ b/etc/display.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -27,4 +28,3 @@ private-bin display private-dev private-etc none private-tmp -nodvd diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index 101e3afb0..d82efef04 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile @@ -14,10 +14,10 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc no3d +nodvd nosound notv seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open private private-dev -nodvd diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index b6ca68bf2..bf52a5d8a 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps netfilter no3d +nodvd nonewprivs nosound notv @@ -25,4 +26,3 @@ seccomp disable-mnt private private-dev -nodvd diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 6bd4fd38f..7566e927b 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile @@ -19,6 +19,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ shell none # private-dev # private-etc # private-tmp -nodvd diff --git a/etc/dosbox.profile b/etc/dosbox.profile index 700458169..bec2960f1 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ tracelog private-bin dosbox private-dev private-tmp -nodvd diff --git a/etc/dragon.profile b/etc/dragon.profile index 4bab76e7d..211c2432f 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/dropbox.profile b/etc/dropbox.profile index de41691b8..c8670357c 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile @@ -26,6 +26,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -40,4 +41,3 @@ private-dev private-tmp noexec /tmp -nodvd diff --git a/etc/electron.profile b/etc/electron.profile index a60704035..9b21c1bfd 100644 --- a/etc/electron.profile +++ b/etc/electron.profile @@ -12,10 +12,10 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot notv protocol unix,inet,inet6,netlink seccomp -nodvd diff --git a/etc/elinks.profile b/etc/elinks.profile index 530e41217..10fd19f71 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ tracelog private-dev # private-etc none private-tmp -nodvd diff --git a/etc/emacs.profile b/etc/emacs.profile index c262c9900..8351d6c42 100644 --- a/etc/emacs.profile +++ b/etc/emacs.profile @@ -14,10 +14,10 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot notv protocol unix,inet,inet6 seccomp -nodvd diff --git a/etc/empathy.profile b/etc/empathy.profile index e85bf324d..b2cfa369c 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile @@ -12,10 +12,10 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot notv protocol unix,inet,inet6 seccomp -nodvd diff --git a/etc/enchant.profile b/etc/enchant.profile index 5574eeae0..a7b549a4c 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -nodvd diff --git a/etc/engrampa.profile b/etc/engrampa.profile index 9ac577da0..e10fd6084 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ tracelog private-dev # private-etc fonts # private-tmp -nodvd diff --git a/etc/eog.profile b/etc/eog.profile index 8dfd01ea1..54d5a1a88 100644 --- a/etc/eog.profile +++ b/etc/eog.profile @@ -18,6 +18,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -36,4 +37,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/eom.profile b/etc/eom.profile index d5470ef24..6fd069b5c 100644 --- a/etc/eom.profile +++ b/etc/eom.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/epiphany.profile b/etc/epiphany.profile index f3a880bd6..0f9a9cf55 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile @@ -24,8 +24,8 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs notv protocol unix,inet,inet6 seccomp -nodvd diff --git a/etc/etr.profile b/etc/etr.profile index 5529c2ed6..96e8b46d9 100644 --- a/etc/etr.profile +++ b/etc/etr.profile @@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ shell none private-dev # private-etc none private-tmp -nodvd diff --git a/etc/evince.profile b/etc/evince.profile index a929c8c4f..5c6215bb2 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -35,4 +36,3 @@ private-etc fonts memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/evolution.profile b/etc/evolution.profile index ef4c9f627..2f7f25ff8 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile @@ -23,6 +23,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -37,4 +38,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 8b56e810d..565212161 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile @@ -20,6 +20,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -34,4 +35,3 @@ tracelog private-dev private-etc none private-tmp -nodvd diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 0756a1d40..19d45a1d8 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nonewprivs noroot nosound @@ -25,4 +26,3 @@ shell none private-bin fbreader,FBReader private-dev private-tmp -nodvd diff --git a/etc/feh.profile b/etc/feh.profile index 1798527f7..61b456e34 100644 --- a/etc/feh.profile +++ b/etc/feh.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ private-bin feh private-dev private-etc feh private-tmp -nodvd diff --git a/etc/file-roller.profile b/etc/file-roller.profile index ff8d8c9eb..1ecb3c632 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-dev memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/file.profile b/etc/file.profile index 389e89426..9a4dba7ef 100644 --- a/etc/file.profile +++ b/etc/file.profile @@ -16,6 +16,7 @@ caps.drop all hostname file net none no3d +nodvd nogroups nonewprivs nosound @@ -29,4 +30,3 @@ x11 none private-bin file private-dev private-etc magic.mgc,magic,localtime -nodvd diff --git a/etc/filezilla.profile b/etc/filezilla.profile index cb8c38a14..63bfd1e0d 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nonewprivs noroot nosound @@ -25,4 +26,3 @@ shell none private-bin filezilla,uname,sh,bash,dash,python,lsb_release,fzputtygen,fzsftp private-dev private-tmp -nodvd diff --git a/etc/firefox.profile b/etc/firefox.profile index d4de1332d..7229ba45b 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -52,6 +52,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -69,4 +70,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index a661c179a..8a8337802 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile @@ -30,9 +30,9 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot notv protocol unix,inet,inet6,netlink seccomp -nodvd diff --git a/etc/flowblade.profile b/etc/flowblade.profile index 557948c84..79dab0751 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/fontforge.profile b/etc/fontforge.profile index 835f913d4..29295f8a0 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/fossamail.profile b/etc/fossamail.profile index ef89561e9..74073d8d1 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile @@ -17,7 +17,7 @@ whitelist ~/.fossamail whitelist ~/.gnupg include /etc/firejail/whitelist-common.inc +nodvd notv include /etc/firejail/firefox.profile -nodvd diff --git a/etc/franz.profile b/etc/franz.profile index 52758dc0c..f83b5018c 100644 --- a/etc/franz.profile +++ b/etc/franz.profile @@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -38,4 +39,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 6417ce812..40aa6d58d 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile @@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ shell none private-dev # private-etc none private-tmp -nodvd diff --git a/etc/gajim.profile b/etc/gajim.profile index f69391f23..f1929c015 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile @@ -28,6 +28,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -43,4 +44,3 @@ private-dev # private-tmp # Allow the local python 2.7 site packages, in case any plugins are using these read-only ${HOME}/.local/lib/python2.7/site-packages/ -nodvd diff --git a/etc/galculator.profile b/etc/galculator.profile index 9d2ce57e8..a2e855656 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile @@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ private-bin galculator private-dev private-etc fonts private-tmp -nodvd diff --git a/etc/geany.profile b/etc/geany.profile index 530b00192..35e405319 100644 --- a/etc/geany.profile +++ b/etc/geany.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ shell none private-dev private-tmp -nodvd diff --git a/etc/gedit.profile b/etc/gedit.profile index 6b9eb5a44..418575e09 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -34,4 +35,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/geeqie.profile b/etc/geeqie.profile index 5009940d1..c9f9d0074 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -27,4 +28,3 @@ shell none # private-bin geeqie private-dev # private-etc X11 -nodvd diff --git a/etc/gimp.profile b/etc/gimp.profile index acacc8e28..aa77d6105 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-tmp # if you are not using external plugins, you can enable noexec statement below # noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/git.profile b/etc/git.profile index 34bba1974..92bf66b92 100644 --- a/etc/git.profile +++ b/etc/git.profile @@ -23,6 +23,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ seccomp shell none private-dev -nodvd diff --git a/etc/gitg.profile b/etc/gitg.profile index f28fbe03f..869c4a6f5 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all no3d +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gitter.profile b/etc/gitter.profile index 9bbe605e7..f92f4b167 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ shell none private-bin gitter private-dev private-tmp -nodvd diff --git a/etc/gjs.profile b/etc/gjs.profile index 1255ec6bb..a856d35b5 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile @@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ tracelog private-dev # private-etc fonts private-tmp -nodvd diff --git a/etc/globaltime.profile b/etc/globaltime.profile index ac72c87c7..6961a56e9 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index 7dba3f58b..7aea3f5a8 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile @@ -19,6 +19,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nonewprivs noroot notv @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index c9082995d..5c1d5f137 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -35,4 +36,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 21019893b..4921fb0c4 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile @@ -15,6 +15,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -34,4 +35,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 87b01bf92..688df6dfe 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all no3d +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index b9938e9d2..d9bac48eb 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index d905bfe63..90c2c2628 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile @@ -15,6 +15,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nonewprivs noroot nosound @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index e28b787fe..3254f3fbc 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index daf0ddc2a..5ccb28840 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nonewprivs noroot nosound @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index 527899aea..cdbf5cbe0 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -35,4 +36,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index c1e9d7b58..0e150f525 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile index db7739c33..9c94404d1 100644 --- a/etc/gnome-twitch.profile +++ b/etc/gnome-twitch.profile @@ -20,6 +20,7 @@ whitelist ${HOME}/.local/share/gnome-twitch include /etc/firejail/whitelist-common.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -34,4 +35,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index f1db7dab3..4ddbbbde2 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -36,4 +37,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/goobox.profile b/etc/goobox.profile index c7a52c944..9bedaa431 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -nodvd diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index 9c8574d3f..a3fdb214a 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile @@ -25,6 +25,7 @@ include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin netfilter +nodvd nogroups notv shell none @@ -34,4 +35,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index b7ed33703..8de3c5262 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile @@ -25,6 +25,7 @@ include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin netfilter +nodvd nogroups notv shell none @@ -34,4 +35,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 6a3c54468..1a86c546e 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile @@ -25,6 +25,7 @@ include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin netfilter +nodvd nogroups notv shell none @@ -34,4 +35,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index 641988796..704de6e40 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile @@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -35,4 +36,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gpa.profile b/etc/gpa.profile index b33d06ba1..58dfcd3e1 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ tracelog # private-bin gpa,gpg private-dev -nodvd diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index 852bbc210..13bceaa5a 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ tracelog # private-bin gpg-agent,gpg private-dev -nodvd diff --git a/etc/gpg.profile b/etc/gpg.profile index 91048db14..d99afdfe2 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ tracelog # private-bin gpg,gpg-agent private-dev -nodvd diff --git a/etc/gpicview.profile b/etc/gpicview.profile index b8c1d60c0..ec9245e58 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ private-bin gpicview private-dev private-etc fonts private-tmp -nodvd diff --git a/etc/gpredict.profile b/etc/gpredict.profile index ed9ef1a1e..f204366c5 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile @@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -34,4 +35,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 4b922189a..63ad07894 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ tracelog private-bin gthumb private-dev private-tmp -nodvd diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index d9982933d..b6be37439 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gwenview.profile b/etc/gwenview.profile index f5507850b..745468912 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile @@ -20,6 +20,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -36,4 +37,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/gzip.profile b/etc/gzip.profile index 5560c8252..3f6ecec2c 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile @@ -11,6 +11,7 @@ blacklist /tmp/.X11-unix ignore noroot net none no3d +nodvd nosound notv shell none @@ -19,4 +20,3 @@ tracelog private-dev include /etc/firejail/default.profile -nodvd diff --git a/etc/hashcat.profile b/etc/hashcat.profile index 677c47b13..ae631054b 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 90abe5d27..e2775ffce 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile @@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ tracelog disable-mnt private-dev private-tmp -nodvd diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 875d07e89..fc817d9f9 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile @@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -39,4 +40,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/highlight.profile b/etc/highlight.profile index bbd08cb6b..83b023a90 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-bin highlight private-dev # private-etc none private-tmp -nodvd diff --git a/etc/hugin.profile b/etc/hugin.profile index 064488daa..d3cd181b1 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/icecat.profile b/etc/icecat.profile index 0477bfc4c..ab7e62180 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile @@ -37,6 +37,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot notv @@ -48,4 +49,3 @@ tracelog noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile index 20ec4f33f..928ec7327 100644 --- a/etc/idea.sh.profile +++ b/etc/idea.sh.profile @@ -20,6 +20,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-dev # private-tmp noexec /tmp -nodvd diff --git a/etc/img2txt.profile b/etc/img2txt.profile index 342ddf9a3..bd454a2c8 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -27,4 +28,3 @@ tracelog private-dev # private-etc none private-tmp -nodvd diff --git a/etc/inkscape.profile b/etc/inkscape.profile index 315b0193a..1d24f5d7d 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/inox.profile b/etc/inox.profile index aeee91526..6273c4de6 100644 --- a/etc/inox.profile +++ b/etc/inox.profile @@ -22,5 +22,5 @@ whitelist ~/.pki include /etc/firejail/whitelist-common.inc netfilter -notv nodvd +notv diff --git a/etc/iridium.profile b/etc/iridium.profile index 395481793..db9c5c7cf 100644 --- a/etc/iridium.profile +++ b/etc/iridium.profile @@ -23,5 +23,5 @@ whitelist ~/.pki include /etc/firejail/whitelist-common.inc netfilter -notv nodvd +notv diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 2422d5b48..c9af51596 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/jitsi.profile b/etc/jitsi.profile index bd636251c..78a57ff46 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -24,4 +25,3 @@ tracelog disable-mnt private-tmp -nodvd diff --git a/etc/k3b.profile b/etc/k3b.profile index a547cd7b1..87132e775 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all no3d +nodvd nonewprivs noroot nosound @@ -29,4 +30,3 @@ tracelog # private-bin # private-etc # private-tmp -nodvd diff --git a/etc/kate.profile b/etc/kate.profile index 84057f402..ec5d09ce2 100644 --- a/etc/kate.profile +++ b/etc/kate.profile @@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -34,4 +35,3 @@ tracelog private-dev # private-etc fonts private-tmp -nodvd diff --git a/etc/kcalc.profile b/etc/kcalc.profile index fbd4d3e19..f334c4c72 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/keepass.profile b/etc/keepass.profile index bdd6c9995..c133ce0fb 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile @@ -21,6 +21,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -36,4 +37,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 3eadcace7..9d943d89c 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile @@ -19,6 +19,7 @@ caps.drop all machine-id net none no3d +nodvd nogroups nonewprivs noroot @@ -37,4 +38,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index 7f8380bfa..e20e06b76 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile @@ -18,6 +18,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -35,4 +36,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index fc44bfdd7..f79cda80d 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile @@ -18,6 +18,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -36,4 +37,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/kmail.profile b/etc/kmail.profile index e5e8b0fef..fdc96c97f 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -24,4 +25,3 @@ tracelog private-dev # private-tmp -nodvd diff --git a/etc/knotes.profile b/etc/knotes.profile index c482a2f02..a1d303ded 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ tracelog private-dev # private-etc fonts private-tmp -nodvd diff --git a/etc/konversation.profile b/etc/konversation.profile index b4f0b5524..8bc263d4d 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups noroot notv @@ -20,4 +21,3 @@ protocol unix,inet,inet6 seccomp private-tmp -nodvd diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index ae8d929db..c5b887118 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile @@ -35,6 +35,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -50,4 +51,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/kwrite.profile b/etc/kwrite.profile index b87d453ec..6ba076dc0 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile @@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -34,4 +35,3 @@ tracelog private-dev # private-etc fonts private-tmp -nodvd diff --git a/etc/leafpad.profile b/etc/leafpad.profile index d04ea862d..e7557651b 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/less.profile b/etc/less.profile index 725673318..e1c42ed76 100644 --- a/etc/less.profile +++ b/etc/less.profile @@ -11,6 +11,7 @@ blacklist /tmp/.X11-unix ignore noroot net none no3d +nodvd nosound notv novideo @@ -28,4 +29,3 @@ noexec ${HOME} noexec /tmp include /etc/firejail/default.profile -nodvd diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index b82e402fb..ec7356002 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/liferea.profile b/etc/liferea.profile index cbc3a2bb5..afd5fed6b 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile @@ -25,6 +25,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter # no3d +nodvd nogroups nonewprivs noroot @@ -41,4 +42,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index 6fa4b5e86..bd32e0c70 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 9c8dce88b..734f16e92 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 67c5e0e9a..901bdb408 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile index dac9bf957..dbbd1ace0 100644 --- a/etc/lxterminal.profile +++ b/etc/lxterminal.profile @@ -13,7 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter # noroot - somehow this breaks on Debian Jessie! +nodvd notv protocol unix,inet,inet6 seccomp -nodvd diff --git a/etc/lynx.profile b/etc/lynx.profile index 4b981684a..db01a5b8f 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ tracelog private-dev # private-etc none private-tmp -nodvd diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index e56737691..caf3095a5 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index 207ea9c67..26ce42fbf 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index 8b18c7f4e..f0de57e0d 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/mcabber.profile b/etc/mcabber.profile index c9ba56710..bd1ada2b5 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nonewprivs noroot nosound @@ -26,4 +27,3 @@ shell none private-bin mcabber private-dev private-etc null -nodvd diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index 36e237fef..d6a55610f 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-bin mediainfo private-dev private-etc none private-tmp -nodvd diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index a4077c416..b90e21e66 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile @@ -21,6 +21,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nonewprivs noroot notv @@ -34,4 +35,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/meld.profile b/etc/meld.profile index 92aefaf78..488b2e365 100644 --- a/etc/meld.profile +++ b/etc/meld.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/midori.profile b/etc/midori.profile index 3b0b96a52..8ddb37776 100644 --- a/etc/midori.profile +++ b/etc/midori.profile @@ -35,10 +35,10 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs # noroot - problems on Ubuntu 14.04 notv protocol unix,inet,inet6,netlink seccomp tracelog -nodvd diff --git a/etc/mousepad.profile b/etc/mousepad.profile index 325b9d60e..36365fc2f 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -27,4 +28,3 @@ tracelog private-bin mousepad private-dev private-tmp -nodvd diff --git a/etc/multimc5.profile b/etc/multimc5.profile index a51defafa..fcb351b4d 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile @@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -37,4 +38,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/mumble.profile b/etc/mumble.profile index 745b22256..e58dc93f4 100644 --- a/etc/mumble.profile +++ b/etc/mumble.profile @@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -38,4 +39,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 050addfe4..c7bb458df 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp # mupdf will never write anything read-only ${HOME} -nodvd diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index ad54094f0..9f3be0d27 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile @@ -22,8 +22,8 @@ include /etc/firejail/whitelist-common.inc caps.drop all net none +nodvd nonewprivs noroot notv seccomp -nodvd diff --git a/etc/mutt.profile b/etc/mutt.profile index 6387fb40b..206edefae 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile @@ -38,6 +38,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -48,4 +49,3 @@ seccomp shell none private-dev -nodvd diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 616d06e99..57d6faa17 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile @@ -20,6 +20,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -34,4 +35,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -nodvd diff --git a/etc/nemo.profile b/etc/nemo.profile index d206e3764..b11ad645a 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ shell none noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/netsurf.profile b/etc/netsurf.profile index 36a564715..64aa068b1 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile @@ -21,10 +21,10 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot notv protocol unix,inet,inet6,netlink seccomp tracelog -nodvd diff --git a/etc/nylas.profile b/etc/nylas.profile index 43445cb1a..5d84d1326 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile @@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ seccomp shell none private-dev -nodvd diff --git a/etc/obs.profile b/etc/obs.profile index f7d7ac310..101d5c28a 100644 --- a/etc/obs.profile +++ b/etc/obs.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -27,4 +28,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 71eff62ac..da2d03635 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-dev private-etc none private-tmp read-only ${HOME} -nodvd diff --git a/etc/okular.profile b/etc/okular.profile index 426072331..d03891ebe 100644 --- a/etc/okular.profile +++ b/etc/okular.profile @@ -22,6 +22,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -40,4 +41,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index b225bd2d2..998d57f62 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile @@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ shell none private-dev # private-etc none private-tmp -nodvd diff --git a/etc/openshot.profile b/etc/openshot.profile index 2219b670c..02f4665d6 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index f751d7a8b..c295a2082 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile @@ -22,5 +22,5 @@ whitelist ~/.pki include /etc/firejail/whitelist-common.inc netfilter -notv nodvd +notv diff --git a/etc/opera.profile b/etc/opera.profile index 2141fe2ee..553ea6790 100644 --- a/etc/opera.profile +++ b/etc/opera.profile @@ -26,5 +26,5 @@ whitelist ~/.pki include /etc/firejail/whitelist-common.inc netfilter -notv nodvd +notv diff --git a/etc/orage.profile b/etc/orage.profile index d5946ab5b..209c7e9db 100644 --- a/etc/orage.profile +++ b/etc/orage.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 962dcd16e..054e876c5 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile @@ -41,6 +41,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -55,4 +56,3 @@ tracelog # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse # private-opt palemoon private-tmp -nodvd diff --git a/etc/parole.profile b/etc/parole.profile index e37e39789..794d91481 100644 --- a/etc/parole.profile +++ b/etc/parole.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nonewprivs noroot notv @@ -22,4 +23,3 @@ shell none private-bin parole,dbus-launch private-etc passwd,group,fonts -nodvd diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 44375234d..3b739b2ac 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all net none no3d +nodvd nonewprivs noroot nosound @@ -26,4 +27,3 @@ protocol unix seccomp shell none tracelog -nodvd diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index 4dbc05413..b156513dc 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 78fb91d5b..540a428cc 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-bin pdftotext private-dev private-etc none private-tmp -nodvd diff --git a/etc/peek.profile b/etc/peek.profile index 0157ca9d4..a7ad9865c 100644 --- a/etc/peek.profile +++ b/etc/peek.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/picard.profile b/etc/picard.profile index d855a767d..8dc79b4ad 100644 --- a/etc/picard.profile +++ b/etc/picard.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 113f3ce33..dd610920a 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ tracelog private-bin pidgin private-dev private-tmp -nodvd diff --git a/etc/pingus.profile b/etc/pingus.profile index 204bc7f40..68d5a98ad 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile @@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ shell none private-dev # private-etc none private-tmp -nodvd diff --git a/etc/pithos.profile b/etc/pithos.profile index be6e1b72a..e7c316a39 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile @@ -15,6 +15,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/pix.profile b/etc/pix.profile index 79107c27c..ed9298727 100644 --- a/etc/pix.profile +++ b/etc/pix.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ tracelog private-bin pix private-dev private-tmp -nodvd diff --git a/etc/pluma.profile b/etc/pluma.profile index ed64c4cf7..d17a64d1d 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ tracelog private-bin pluma private-dev private-tmp -nodvd diff --git a/etc/polari.profile b/etc/polari.profile index c41581b0d..a990194c9 100644 --- a/etc/polari.profile +++ b/etc/polari.profile @@ -27,6 +27,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -43,4 +44,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 3611e66f2..72c52d967 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile @@ -25,6 +25,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -40,4 +41,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index b5b5f2cf5..ea635ab6e 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -29,6 +29,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all machine-id netfilter +nodvd nogroups nonewprivs noroot @@ -42,4 +43,3 @@ seccomp private-dev # private-etc X11,fonts,xdg,resolv.conf private-tmp -nodvd diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile index 292b6b266..2738e04bb 100644 --- a/etc/qemu-launcher.profile +++ b/etc/qemu-launcher.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -25,4 +26,3 @@ tracelog private-tmp noexec /tmp -nodvd diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile index a4b962b8a..7a60007fe 100644 --- a/etc/qemu-system-x86_64.profile +++ b/etc/qemu-system-x86_64.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -24,4 +25,3 @@ tracelog private-tmp noexec /tmp -nodvd diff --git a/etc/qlipper.profile b/etc/qlipper.profile index 8e5a4f19d..796015654 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 7fe8567dd..2c652c688 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ tracelog private-bin qpdfview private-dev private-tmp -nodvd diff --git a/etc/qtox.profile b/etc/qtox.profile index 6fe942eeb..5cbe68c90 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile @@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -37,4 +38,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/quassel.profile b/etc/quassel.profile index 223376272..af0f723f1 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile @@ -12,9 +12,9 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nonewprivs noroot notv protocol unix,inet,inet6 seccomp -nodvd diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 01bc439cd..6f20f6d7f 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -28,6 +28,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -45,4 +46,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index c34a6031f..7b7086bde 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile @@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd noroot notv protocol unix,inet,inet6,netlink @@ -27,4 +28,3 @@ seccomp tracelog # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse -nodvd diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index e041cb04f..31721617f 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile @@ -23,10 +23,10 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot notv protocol unix,inet,inet6,netlink seccomp tracelog -nodvd diff --git a/etc/rambox.profile b/etc/rambox.profile index 686691849..2696df86b 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile @@ -21,6 +21,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ notv protocol unix,inet,inet6,netlink seccomp # tracelog -nodvd diff --git a/etc/ranger.profile b/etc/ranger.profile index 93f517a61..717eca099 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile @@ -18,6 +18,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -27,4 +28,3 @@ protocol unix seccomp private-dev -nodvd diff --git a/etc/remmina.profile b/etc/remmina.profile index 70ce4c465..3bb6aa0b1 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/ristretto.profile b/etc/ristretto.profile index 4f271db58..3de5de34a 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 258349f1f..a44d99e5b 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nonewprivs noroot nosound @@ -24,4 +25,3 @@ shell none private-bin rtorrent private-dev private-tmp -nodvd diff --git a/etc/scribus.profile b/etc/scribus.profile index 7f98065ef..acd6b2239 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile @@ -27,6 +27,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nonewprivs noroot nosound @@ -38,4 +39,3 @@ tracelog private-dev # private-tmp -nodvd diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index 06889be33..30c2509eb 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index c9bc2d593..36dde66b0 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile @@ -37,6 +37,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot notv @@ -45,4 +46,3 @@ seccomp tracelog # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse -nodvd diff --git a/etc/server.profile b/etc/server.profile index 1bc2920d9..04ef555de 100644 --- a/etc/server.profile +++ b/etc/server.profile @@ -21,6 +21,7 @@ include /etc/firejail/disable-programs.inc caps no3d +nodvd nosound notv novideo @@ -37,4 +38,3 @@ private-tmp # memory-deny-write-execute # noexec ${HOME} # noexec /tmp -nodvd diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index 2e998b1b9..abc68a499 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index faf31d7a3..05ed9f813 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -nodvd diff --git a/etc/simutrans.profile b/etc/simutrans.profile index 8e1f6031e..fda5204e2 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile @@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ shell none private-dev # private-etc none private-tmp -nodvd diff --git a/etc/skanlite.profile b/etc/skanlite.profile index 1fdfc0dd5..0338bc452 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ shell none # private-dev # private-etc # private-tmp -nodvd diff --git a/etc/skype.profile b/etc/skype.profile index 1c78313aa..f3e504a3f 100644 --- a/etc/skype.profile +++ b/etc/skype.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile index 3cd0480c7..b69a208a8 100644 --- a/etc/skypeforlinux.profile +++ b/etc/skypeforlinux.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/slack.profile b/etc/slack.profile index f973f2cae..9025e4f75 100644 --- a/etc/slack.profile +++ b/etc/slack.profile @@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all name slack netfilter +nodvd nogroups nonewprivs noroot @@ -37,4 +38,3 @@ private-bin slack private-dev private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime private-tmp -nodvd diff --git a/etc/snap.profile b/etc/snap.profile index 175589397..238dffeab 100644 --- a/etc/snap.profile +++ b/etc/snap.profile @@ -14,5 +14,5 @@ include /etc/firejail/disable-programs.inc whitelist ${DOWNLOADS} whitelist ~/snap include /etc/firejail/whitelist-common.inc -notv nodvd +notv diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index a9b59b89a..5d7129b5a 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index a61aca77a..65e8073c9 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ private-tmp memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index fcfdd057a..ba5115521 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile @@ -19,9 +19,9 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nonewprivs noroot notv protocol unix,inet,inet6 seccomp -nodvd diff --git a/etc/ssh.profile b/etc/ssh.profile index 905e3900e..da852c6ba 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile @@ -18,6 +18,7 @@ caps.drop all ipc-namespace netfilter no3d +nodvd nogroups nonewprivs noroot @@ -34,4 +35,3 @@ private-dev memory-deny-write-execute noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index b37ed72b7..ca521e08c 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ private-bin bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed private-dev private-etc fonts private-tmp -nodvd diff --git a/etc/steam.profile b/etc/steam.profile index 8d8eabe6d..96899038a 100644 --- a/etc/steam.profile +++ b/etc/steam.profile @@ -24,6 +24,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -37,4 +38,3 @@ shell none private-dev private-tmp -nodvd diff --git a/etc/stellarium.profile b/etc/stellarium.profile index 06bbf3445..89e2d1a30 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile @@ -21,6 +21,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -35,4 +36,3 @@ disable-mnt private-bin stellarium private-dev private-tmp -nodvd diff --git a/etc/strings.profile b/etc/strings.profile index 28f5598cf..f203b963c 100644 --- a/etc/strings.profile +++ b/etc/strings.profile @@ -11,6 +11,7 @@ blacklist /tmp/.X11-unix ignore noroot net none no3d +nodvd nosound notv novideo @@ -22,4 +23,3 @@ private-dev memory-deny-write-execute include /etc/firejail/default.profile -nodvd diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 910c39aeb..cd6496a7b 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile @@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ shell none private-dev # private-etc none private-tmp -nodvd diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 7db148e8d..08ece1e9b 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/tar.profile b/etc/tar.profile index ae520be02..34a4f34d6 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -12,6 +12,7 @@ hostname tar ignore noroot net none no3d +nodvd nosound notv shell none @@ -23,4 +24,3 @@ private-dev private-etc passwd,group,localtime include /etc/firejail/default.profile -nodvd diff --git a/etc/telegram.profile b/etc/telegram.profile index 38cbe3bd0..e3ccaf1a0 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nonewprivs noroot notv @@ -24,4 +25,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/tracker.profile b/etc/tracker.profile index 9da8931f8..ded2ae2e5 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -nodvd diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index ffdfe16fe..5752c96f3 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nonewprivs noroot nosound @@ -30,4 +31,3 @@ private-etc none private-tmp memory-deny-write-execute -nodvd diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 0de1ea99d..c4bf7a08d 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile @@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot nosound @@ -36,4 +37,3 @@ private-dev private-tmp memory-deny-write-execute -nodvd diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 6d71cd945..02e9a5052 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile @@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot nosound @@ -34,4 +35,3 @@ tracelog private-bin transmission-qt private-dev private-tmp -nodvd diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 6fcffe4f8..130defc8e 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nonewprivs noroot nosound @@ -28,4 +29,3 @@ tracelog private-dev private-etc none private-tmp -nodvd diff --git a/etc/truecraft.profile b/etc/truecraft.profile index ccdac70dc..4e48f6c6b 100644 --- a/etc/truecraft.profile +++ b/etc/truecraft.profile @@ -20,6 +20,7 @@ whitelist ${HOME}/.config/truecraft include /etc/firejail/whitelist-common.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -35,4 +36,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index e0f66d877..ddbcce3f6 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all no3d +nodvd nonewprivs noroot notv @@ -28,4 +29,3 @@ private-tmp # noexec ${HOME} - tuxguitar may fail to launch noexec /tmp -nodvd diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index f85d6a7b9..877ad635b 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile @@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot nosound @@ -29,4 +30,3 @@ shell none private-bin uget-gtk private-dev private-tmp -nodvd diff --git a/etc/unbound.profile b/etc/unbound.profile index 3ca75b3ef..c1cb86893 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile @@ -14,10 +14,10 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc no3d +nodvd nosound notv seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open private private-dev -nodvd diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index c282bb020..5f70843d6 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile @@ -16,6 +16,7 @@ whitelist ~/.unknown-horizons include /etc/firejail/whitelist-common.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ shell none private-dev # private-etc none private-tmp -nodvd diff --git a/etc/unrar.profile b/etc/unrar.profile index b9f2999ae..6a3ac5527 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile @@ -12,6 +12,7 @@ hostname unrar ignore noroot net none no3d +nodvd nosound notv shell none @@ -23,4 +24,3 @@ private-etc passwd,group,localtime private-tmp include /etc/firejail/default.profile -nodvd diff --git a/etc/unzip.profile b/etc/unzip.profile index c391dd7a5..bb30d74cd 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile @@ -12,6 +12,7 @@ hostname unzip ignore noroot net none no3d +nodvd nosound notv shell none @@ -22,4 +23,3 @@ private-dev private-etc passwd,group,localtime include /etc/firejail/default.profile -nodvd diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 3b254ba4e..192d13f80 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile @@ -10,6 +10,7 @@ include /etc/firejail/globals.local hostname uudeview ignore noroot net none +nodvd nosound notv shell none @@ -20,4 +21,3 @@ private-dev private-etc ld.so.preload include /etc/firejail/default.profile -nodvd diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index 53fc303a0..e7c931f30 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile @@ -25,10 +25,10 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot notv protocol unix,inet,inet6 seccomp tracelog -nodvd diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 3dd9a5389..a02845885 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile @@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-bin viewnior private-dev private-etc fonts private-tmp -nodvd diff --git a/etc/viking.profile b/etc/viking.profile index 8b5bff2b8..30e89b511 100644 --- a/etc/viking.profile +++ b/etc/viking.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/vim.profile b/etc/vim.profile index 0264930ef..7b5566f5b 100644 --- a/etc/vim.profile +++ b/etc/vim.profile @@ -15,10 +15,10 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot notv protocol unix,inet,inet6 seccomp -nodvd diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile index da0b91e09..6e153d559 100644 --- a/etc/virtualbox.profile +++ b/etc/virtualbox.profile @@ -24,5 +24,5 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter -notv nodvd +notv diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index cd4d62e44..503916b26 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile @@ -21,6 +21,7 @@ include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin netfilter +nodvd nogroups notv shell none @@ -30,4 +31,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/vym.profile b/etc/vym.profile index 702680958..4f60b2ada 100644 --- a/etc/vym.profile +++ b/etc/vym.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/w3m.profile b/etc/w3m.profile index 04760d176..b25e19135 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ tracelog private-dev private-etc none private-tmp -nodvd diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 0a8a73f1f..976f7db5f 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile @@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ disable-mnt private-bin warzone2100 private-dev private-tmp -nodvd diff --git a/etc/waterfox.profile b/etc/waterfox.profile index c842e6700..76b7c86ba 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile @@ -52,6 +52,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -69,4 +70,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/weechat.profile b/etc/weechat.profile index 79619bb82..b0971ae19 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nonewprivs noroot notv @@ -21,4 +22,3 @@ seccomp # no private-bin support for various reasons: # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins -nodvd diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 30f857f47..d6318c81b 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile @@ -23,6 +23,7 @@ whitelist ${HOME}/.local/share/wesnoth include /etc/firejail/whitelist-common.inc caps.drop all +nodvd nonewprivs noroot notv @@ -31,4 +32,3 @@ seccomp private-dev private-tmp -nodvd diff --git a/etc/wget.profile b/etc/wget.profile index 23eba46fe..5072cb9c5 100644 --- a/etc/wget.profile +++ b/etc/wget.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -34,4 +35,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/wine.profile b/etc/wine.profile index 69ad72137..b1bc7df78 100644 --- a/etc/wine.profile +++ b/etc/wine.profile @@ -17,9 +17,9 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot notv seccomp -nodvd diff --git a/etc/wire.profile b/etc/wire.profile index 00da13cce..af14f686f 100644 --- a/etc/wire.profile +++ b/etc/wire.profile @@ -18,6 +18,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -29,4 +30,3 @@ shell none disable-mnt private-dev private-tmp -nodvd diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 1bee919b3..57f4f2f5b 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile @@ -18,6 +18,7 @@ no3d # nogroups - breaks unprivileged wireshark usage # nonewprivs - breaks unprivileged wireshark usage # noroot +nodvd nosound notv # protocol unix,inet,inet6,netlink @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/xchat.profile b/etc/xchat.profile index 73df480bf..ab62160b5 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nonewprivs noroot notv @@ -19,4 +20,3 @@ protocol unix,inet,inet6 seccomp # private-bin requires perl, python, etc. -nodvd diff --git a/etc/xed.profile b/etc/xed.profile index b47cca36f..758fb5526 100644 --- a/etc/xed.profile +++ b/etc/xed.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -26,4 +27,3 @@ tracelog private-bin xed private-dev private-tmp -nodvd diff --git a/etc/xfburn.profile b/etc/xfburn.profile index 4729ebaf7..e80685f0e 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ tracelog # private-dev # private-etc fonts # private-tmp -nodvd diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile index 3e2d4b1d4..ab52d17e9 100644 --- a/etc/xfce4-dict.profile +++ b/etc/xfce4-dict.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -31,4 +32,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index 12b7e6de7..868b4796b 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter no3d +nodvd nogroups nonewprivs noroot @@ -33,4 +34,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/xiphos.profile b/etc/xiphos.profile index ae3e303a3..38e568860 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile @@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -36,4 +37,3 @@ private-bin xiphos private-dev private-etc fonts,resolv.conf,sword private-tmp -nodvd diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 6a67bde75..c7db00daf 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile @@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nogroups nonewprivs noroot @@ -34,4 +35,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/xpdf.profile b/etc/xpdf.profile index 1f51c220d..f34358521 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none no3d +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/xpra.profile b/etc/xpra.profile index 28586f134..2bd91e8b5 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile @@ -26,6 +26,7 @@ whitelist /var/lib/xkb caps.drop all # xpra needs to be allowed access to the abstract Unix socket namespace. +nodvd nogroups nonewprivs # In noroot mode, xpra cannot create a socket in the real /tmp/.X11-unix. @@ -44,4 +45,3 @@ shell none private-dev # private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11 private-tmp -nodvd diff --git a/etc/xreader.profile b/etc/xreader.profile index 35358814a..107cefe5e 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -28,4 +29,3 @@ tracelog private-bin xreader, xreader-previewer, xreader-thumbnailer private-dev private-tmp -nodvd diff --git a/etc/xviewer.profile b/etc/xviewer.profile index dd3103909..70ad3b895 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ private-tmp noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/xzdec.profile b/etc/xzdec.profile index 18384680f..7f21f5d2f 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile @@ -11,6 +11,7 @@ blacklist /tmp/.X11-unix ignore noroot net none no3d +nodvd nosound notv shell none @@ -19,4 +20,3 @@ tracelog private-dev include /etc/firejail/default.profile -nodvd diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index e9f6d5641..e20fb3e99 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile @@ -17,6 +17,7 @@ caps.drop all ipc-namespace netfilter no3d +nodvd nogroups nonewprivs noroot @@ -32,4 +33,3 @@ private-dev noexec ${HOME} noexec /tmp -nodvd diff --git a/etc/zathura.profile b/etc/zathura.profile index 9f1c4a3da..0036a3521 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all net none +nodvd nogroups nonewprivs noroot @@ -30,4 +31,3 @@ private-etc fonts private-tmp read-only ~/ read-write ~/.local/share/zathura/ -nodvd diff --git a/etc/zoom.profile b/etc/zoom.profile index e0902390f..381df9ab5 100644 --- a/etc/zoom.profile +++ b/etc/zoom.profile @@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc caps.drop all netfilter +nodvd nonewprivs noroot notv @@ -25,4 +26,3 @@ protocol unix,inet,inet6 seccomp private-tmp -nodvd -- cgit v1.2.3-54-g00ecf