diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 59bd28f95..07fefec8c 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -589,7 +589,7 @@ blacklist ${HOME}/.local/share/agenda blacklist ${HOME}/.local/share/apps/korganizer blacklist ${HOME}/.local/share/aspyr-media blacklist ${HOME}/.local/share/autokey -blacklist ${HOME}/.local/share/authenticator-rs +blacklist ${HOME}/.local/share/authenticator-rs blacklist ${HOME}/.local/share/backintime blacklist ${HOME}/.local/share/baloo blacklist ${HOME}/.local/share/barrier diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index 5fabf8283..8f7640ffe 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile @@ -11,7 +11,7 @@ include allow-python3.inc include disable-common.inc include disable-devel.inc -include disable-exec.inc +include disable-exec.inc include disable-interpreters.inc include disable-programs.inc include disable-passwdmgr.inc @@ -25,7 +25,7 @@ whitelist /usr/share/icons whitelist /var/lib/app-info/icons whitelist /var/lib/flatpak/exports/share/applications whitelist /var/lib/flatpak/exports/share/icons -include whitelist-runuser-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 1eb802d9b..fb12018f5 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile @@ -6,7 +6,7 @@ include authenticator-rs.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/authenticator-rs +noblacklist ${HOME}/.local/share/authenticator-rs include disable-common.inc include disable-devel.inc @@ -18,12 +18,12 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.local/share/authenticator-rs -whitelist ${HOME}/.local/share/authenticator-rs -whitelist ${DOWNLOADS} +whitelist ${HOME}/.local/share/authenticator-rs +whitelist ${DOWNLOADS} whitelist /usr/share/uk.co.grumlimited.authenticator-rs -include whitelist-common.inc -include whitelist-runuser-common.inc -include whitelist-usr-share-common.inc +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc include whitelist-var-common.inc apparmor diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index a401ac592..cda6b1aa0 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile @@ -58,7 +58,7 @@ shell none tracelog # disable-mnt -# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg +# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg # Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile. private-bin balsa,balsa-ab private-cache diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index ab907eb0d..c3af29e15 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile @@ -1,5 +1,5 @@ # Firejail profile for fractal -# Description: Desktop client for Matrix +# Description: Desktop client for Matrix # This file is overwritten after every install/update # Persistent local customizations include fractal.local @@ -21,7 +21,7 @@ mkdir ${HOME}/.cache/fractal whitelist ${HOME}/.cache/fractal whitelist ${DOWNLOADS} include whitelist-common.inc -include whitelist-runuser-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index 20a5d609e..e6aff533d 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile @@ -8,7 +8,7 @@ include globals.local noblacklist ${HOME}/.config/FreeTube -include disable-shell.inc +include disable-shell.inc mkdir ${HOME}/.config/FreeTube whitelist ${HOME}/.config/FreeTube diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index 8e600a2d7..da32de640 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile @@ -10,7 +10,7 @@ noblacklist ${HOME}/.config/homebank include disable-common.inc include disable-devel.inc -include disable-exec.inc +include disable-exec.inc include disable-interpreters.inc include disable-programs.inc include disable-passwdmgr.inc diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index 9899ff195..9c095e106 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile @@ -12,12 +12,12 @@ noblacklist ${PICTURES} noblacklist ${VIDEOS} noblacklist ${HOME}/.config/kazam -include allow-python2.inc -include allow-python3.inc +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc -include disable-exec.inc +include disable-exec.inc include disable-interpreters.inc include disable-programs.inc include disable-passwdmgr.inc @@ -25,7 +25,7 @@ include disable-shell.inc include disable-xdg.inc whitelist /usr/share/kazam -include whitelist-runuser-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index cf3a69fd7..e0cfb9f24 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile @@ -63,7 +63,7 @@ shell none tracelog # disable-mnt -# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg +# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg # Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile. private-bin kube,sink_synchronizer private-cache diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile index c70090a25..8a98209a2 100644 --- a/etc/profile-m-z/menulibre.profile +++ b/etc/profile-m-z/menulibre.profile @@ -11,7 +11,7 @@ include allow-python3.inc include disable-common.inc include disable-devel.inc -include disable-exec.inc +include disable-exec.inc include disable-interpreters.inc include disable-programs.inc include disable-passwdmgr.inc @@ -25,7 +25,7 @@ whitelist /usr/share/menulibre whitelist /var/lib/app-info/icons whitelist /var/lib/flatpak/exports/share/applications whitelist /var/lib/flatpak/exports/share/icons -include whitelist-runuser-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile index 39ecc7127..78ef5e398 100644 --- a/etc/profile-m-z/minitube.profile +++ b/etc/profile-m-z/minitube.profile @@ -19,7 +19,7 @@ include disable-exec.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -include disable-shell.inc +include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.cache/Flavio Tordini @@ -30,8 +30,8 @@ whitelist ${HOME}/.cache/Flavio Tordini whitelist ${HOME}/.config/Flavio Tordini whitelist ${HOME}/.local/share/Flavio Tordini whitelist /usr/share/minitube -include whitelist-common.inc -include whitelist-runuser-common.inc +include whitelist-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile index 4a5f12aec..55c11be29 100644 --- a/etc/profile-m-z/mirage.profile +++ b/etc/profile-m-z/mirage.profile @@ -1,5 +1,5 @@ # Firejail profile for mirage -# Description: Desktop client for Matrix +# Description: Desktop client for Matrix # This file is overwritten after every install/update # Persistent local customizations include mirage.local @@ -30,7 +30,7 @@ whitelist ${HOME}/.config/mirage whitelist ${HOME}/.local/share/mirage whitelist ${DOWNLOADS} include whitelist-common.inc -include whitelist-runuser-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/mtpaint.profile b/etc/profile-m-z/mtpaint.profile index cfd00e8ae..9f1f0f53d 100644 --- a/etc/profile-m-z/mtpaint.profile +++ b/etc/profile-m-z/mtpaint.profile @@ -10,14 +10,14 @@ noblacklist ${PICTURES} include disable-common.inc include disable-devel.inc -include disable-exec.inc +include disable-exec.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc include disable-shell.inc include disable-xdg.inc -include whitelist-runuser-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile index 955df698d..dbfd12619 100644 --- a/etc/profile-m-z/musictube.profile +++ b/etc/profile-m-z/musictube.profile @@ -1,5 +1,5 @@ # Firejail profile for musictube -# Description: Stream music +# Description: Stream music # This file is overwritten after every install/update # Persistent local customizations include musictube.local @@ -16,7 +16,7 @@ include disable-exec.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -include disable-shell.inc +include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.cache/Flavio Tordini @@ -26,8 +26,8 @@ whitelist ${HOME}/.cache/Flavio Tordini whitelist ${HOME}/.config/Flavio Tordini whitelist ${HOME}/.local/share/Flavio Tordini whitelist /usr/share/musictube -include whitelist-common.inc -include whitelist-runuser-common.inc +include whitelist-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile index a7c091196..886403b9e 100644 --- a/etc/profile-m-z/nuclear.profile +++ b/etc/profile-m-z/nuclear.profile @@ -10,7 +10,7 @@ ignore dbus-user noblacklist ${HOME}/.config/nuclear -include disable-shell.inc +include disable-shell.inc mkdir ${HOME}/.config/nuclear whitelist ${HOME}/.config/nuclear diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile index 3a235a677..f7cb8790b 100644 --- a/etc/profile-m-z/onboard.profile +++ b/etc/profile-m-z/onboard.profile @@ -13,7 +13,7 @@ include allow-python3.inc include disable-common.inc include disable-devel.inc -include disable-exec.inc +include disable-exec.inc include disable-interpreters.inc include disable-programs.inc include disable-passwdmgr.inc @@ -23,9 +23,9 @@ include disable-xdg.inc mkdir ${HOME}/.config/onboard whitelist ${HOME}/.config/onboard whitelist /usr/share/onboard -include whitelist-common.inc +include whitelist-common.inc include whitelist-usr-share-common.inc -include whitelist-runuser-common.inc +include whitelist-runuser-common.inc include whitelist-var-common.inc apparmor diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile index 652b6b7cb..aa26ddd4e 100644 --- a/etc/profile-m-z/otter-browser.profile +++ b/etc/profile-m-z/otter-browser.profile @@ -1,5 +1,5 @@ # Firejail profile for otter-browser -# Description: Lightweight web browser based on Qt5 +# Description: Lightweight web browser based on Qt5 # This file is overwritten after every install/update # Persistent local customizations include otter-browser.local @@ -32,7 +32,7 @@ whitelist ${HOME}/.pki whitelist ${HOME}/.local/share/pki whitelist /usr/share/otter-browser include whitelist-common.inc -include whitelist-runuser-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc @@ -54,6 +54,6 @@ private-bin bash,otter-browser,sh,which private-cache ?BROWSER_DISABLE_U2F: private-dev private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg -private-tmp +private-tmp dbus-system none diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile index d9df3e3b3..9e6b4a87d 100644 --- a/etc/profile-m-z/photoflare.profile +++ b/etc/profile-m-z/photoflare.profile @@ -10,14 +10,14 @@ noblacklist ${PICTURES} include disable-common.inc include disable-devel.inc -include disable-exec.inc +include disable-exec.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc include disable-shell.inc include disable-xdg.inc -include whitelist-runuser-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile index 2133c74d3..3041860b3 100644 --- a/etc/profile-m-z/quaternion.profile +++ b/etc/profile-m-z/quaternion.profile @@ -1,5 +1,5 @@ # Firejail profile for quaternion -# Description: Desktop client for Matrix +# Description: Desktop client for Matrix # This file is overwritten after every install/update # Persistent local customizations include quaternion.local @@ -25,7 +25,7 @@ whitelist ${HOME}/.config/Quotient whitelist ${DOWNLOADS} whitelist /usr/share/Quotient/quaternion include whitelist-common.inc -include whitelist-runuser-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile index d7f94e144..66e917432 100644 --- a/etc/profile-m-z/spectral.profile +++ b/etc/profile-m-z/spectral.profile @@ -1,5 +1,5 @@ # Firejail profile for spectral -# Description: Desktop client for Matrix +# Description: Desktop client for Matrix # This file is overwritten after every install/update # Persistent local customizations include spectral.local @@ -24,7 +24,7 @@ whitelist ${HOME}/.cache/ENCOM/Spectral whitelist ${HOME}/.config/ENCOM whitelist ${DOWNLOADS} include whitelist-common.inc -include whitelist-runuser-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index 78b12c2cb..d873a5672 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile @@ -34,7 +34,7 @@ nonewprivs # noroot - see issue #1543 nosound notv -# nou2f - OpenSSH >= 8.2 supports U2F +# nou2f - OpenSSH >= 8.2 supports U2F novideo protocol unix,inet,inet6 seccomp diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile index cd36c0d41..0801add28 100644 --- a/etc/profile-m-z/strawberry.profile +++ b/etc/profile-m-z/strawberry.profile @@ -21,7 +21,7 @@ include disable-xdg.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc -include whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile index dcf7ee88b..2f573c872 100644 --- a/etc/profile-m-z/twitch.profile +++ b/etc/profile-m-z/twitch.profile @@ -12,7 +12,7 @@ ignore novideo noblacklist ${HOME}/.config/Twitch -include disable-shell.inc +include disable-shell.inc mkdir ${HOME}/.config/Twitch whitelist ${HOME}/.config/Twitch diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile index 92890a3a8..ad7ceaee4 100644 --- a/etc/profile-m-z/youtube.profile +++ b/etc/profile-m-z/youtube.profile @@ -11,7 +11,7 @@ ignore nou2f noblacklist ${HOME}/.config/Youtube -include disable-shell.inc +include disable-shell.inc mkdir ${HOME}/.config/Youtube whitelist ${HOME}/.config/Youtube diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile index 10ff1616a..74b0e38b9 100644 --- a/etc/profile-m-z/youtubemusic-nativefier.profile +++ b/etc/profile-m-z/youtubemusic-nativefier.profile @@ -8,7 +8,7 @@ include globals.local noblacklist ${HOME}/.config/youtubemusic-nativefier-040164 -include disable-shell.inc +include disable-shell.inc mkdir ${HOME}/.config/youtubemusic-nativefier-040164 whitelist ${HOME}/.config/youtubemusic-nativefier-040164 diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile index 3f6dd9694..ab46fccc2 100644 --- a/etc/profile-m-z/ytmdesktop.profile +++ b/etc/profile-m-z/ytmdesktop.profile @@ -15,7 +15,7 @@ whitelist ${HOME}/.config/youtube-music-desktop-app # private-bin env,ytmdesktop private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg -# private-opt +# private-opt # Redirect include electron.profile