more private-etc

2026-05-21 06:45:29 -06:00 · 2023-02-24 20:37:35 -05:00 · 2023-02-24 20:37:35 -05:00 · 2531759b80
commit 2531759b80
parent 7ed7d6dafd
10 changed files with 39 additions and 56 deletions
--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@ -50,7 +50,7 @@ tracelog

 private-bin audacity
 private-dev
-private-etc @tls-ca,@x11
+private-etc @x11
 private-tmp

 # problems on Fedora 27
--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@ -59,7 +59,7 @@ seccomp !mbind
 tracelog

 private-dev
-private-etc @tls-ca,@x11,python*
+private-etc @x11,python*
 private-tmp

 dbus-user none
--- a/etc/profile-a-l/iagno.profile
+++ b/etc/profile-a-l/iagno.profile
@ -13,6 +13,13 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc

+whitelist ${HOME}/.local/share/glib-2.0/schemas
+include whitelist-common.inc
+
+include whitelist-runuser-common.inc
+whitelist /usr/share/iagno
+whitelist /usr/share/gdm
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc

 apparmor
@ -28,11 +35,12 @@ nou2f
 novideo
 protocol unix
 seccomp
+seccomp.block-secondary

 disable-mnt
-private
 private-bin iagno
 private-dev
+private-etc @x11,gconf
 private-tmp

 # dbus-user none
--- a/etc/profile-m-z/rhythmbox.profile
+++ b/etc/profile-m-z/rhythmbox.profile
@ -51,6 +51,7 @@ tracelog
 private-bin rhythmbox,rhythmbox-client
 private-cache
 private-dev
+private-etc @tls-ca,@x11,python*
 private-tmp

 dbus-user filter
--- a/etc/profile-m-z/totem.profile
+++ b/etc/profile-m-z/totem.profile
@ -51,7 +51,7 @@ private-bin totem
 # totem needs access to ~/.cache/tracker or it exits
 #private-cache
 private-dev
-# private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl
+private-etc @tls-ca,@x11,python*
 private-tmp

 # makes settings immutable