github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

private-etc: big profile changes

Browse source
This commit is contained in:
netblue30 2023-02-05 10:17:26 -05:00
parent f64a9cccec
commit 5d0822c52c
319 changed files with 345 additions and 347 deletions
Download patch file Download diff file Expand all files Collapse all files

2
etc/profile-a-l/1password.profile
View file

@ -11,7 +11,7 @@ noblacklist ${HOME}/.config/1Password
mkdir ${HOME}/.config/1Password
whitelist ${HOME}/.config/1Password
private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl
private-etc @tls-ca
# Needed for keychain things, talking to Firefox, possibly other things? Not sure how to narrow down
ignore dbus-user none

2
etc/profile-a-l/abiword.profile
View file

@ -41,7 +41,7 @@ tracelog
private-bin abiword
private-cache
private-dev
private-etc alternatives,fonts,gtk-3.0,ld.so.cache,ld.so.preload,passwd
private-etc @x11
private-tmp
# dbus-user none

2
etc/profile-a-l/agetpkg.profile
View file

@ -49,7 +49,7 @@ tracelog
private-bin agetpkg,python3
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
private-etc @tls-ca
private-tmp
dbus-user none

2
etc/profile-a-l/alacarte.profile
View file

@ -52,7 +52,7 @@ disable-mnt
# private-bin alacarte,bash,python*,sh
private-cache
private-dev
private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,locale.alias,locale.conf,login.defs,mime.types,nsswitch.conf,passwd,pki,X11,xdg
private-etc @tls-ca,@x11,mime.types
private-tmp
dbus-user none

2
etc/profile-a-l/alienarena.profile
View file

@ -43,7 +43,7 @@ disable-mnt
private-bin alienarena
private-cache
private-dev
private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11
private-etc @tls-ca,@x11,bumblebee,glvnd,host.conf,rpc,services
private-tmp
dbus-user none

2
etc/profile-a-l/alpine.profile
View file

@ -90,7 +90,7 @@ disable-mnt
private-bin alpine
private-cache
private-dev
private-etc alternatives,c-client.cf,ca-certificates,crypto-policies,host.conf,hostname,hosts,krb5.keytab,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,passwd,pine.conf,pinerc.fixed,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg
private-etc @tls-ca,@x11,c-client.cf,host.conf,krb5.keytab,mailcap,mime.types,pine.conf,pinerc.fixed,rpc,services,terminfo
private-tmp
writable-run-user
writable-var

2
etc/profile-a-l/anki.profile
View file

@ -49,7 +49,7 @@ disable-mnt
private-bin anki,python*
private-cache
private-dev
private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl,Trolltech.conf
private-etc @tls-ca,@x11,Trolltech.conf
private-tmp
dbus-user none

2
etc/profile-a-l/apostrophe.profile
View file

@ -62,7 +62,7 @@ disable-mnt
private-bin apostrophe,fmtutil,kpsewhich,mktexfmt,pandoc,pdftex,perl,python3*,sh,xdvipdfmx,xelatex,xetex
private-cache
private-dev
private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,texlive,X11
private-etc @x11,texlive
private-tmp
dbus-user filter

2
etc/profile-a-l/aria2c.profile
View file

@ -45,7 +45,7 @@ private-bin aria2c,gzip
# Add 'private-cache' to your aria2c.local if you don't use Lutris/winetricks (see issue #2772).
#private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,groups,ld.so.cache,ld.so.preload,login.defs,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl
private-etc @tls-ca,groups
private-lib libreadline.so.*
private-tmp

2
etc/profile-a-l/arm.profile
View file

@ -42,7 +42,7 @@ tracelog
disable-mnt
private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor
private-dev
private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,resolv.conf,ssl,tor
private-etc @tls-ca,tor
private-tmp
restrict-namespaces

2
etc/profile-a-l/artha.profile
View file

@ -54,7 +54,7 @@ disable-mnt
private-bin artha,enchant,notify-send
private-cache
private-dev
private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
private-etc
private-lib libnotify.so.*
private-tmp

2
etc/profile-a-l/atool.profile
View file

@ -13,7 +13,7 @@ include allow-perl.inc
noroot
# without login.defs atool complains and uses UID/GID 1000 by default
private-etc alternatives,group,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf
private-etc
private-tmp
# Redirect

2
etc/profile-a-l/atril.profile
View file

@ -41,7 +41,7 @@ tracelog
private-bin 7z,7za,7zr,atril,atril-previewer,atril-thumbnailer,sh,tar,unrar,unzip,zipnote
private-dev
private-etc alternatives,fonts,ld.so.cache,ld.so.preload
private-etc
# atril uses webkit gtk to display epub files
# waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0
#private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit

2
etc/profile-a-l/audio-recorder.profile
View file

@ -43,7 +43,7 @@ tracelog
disable-mnt
# private-bin audio-recorder
private-cache
private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
private-etc
private-tmp
dbus-user filter

2
etc/profile-a-l/authenticator-rs.profile
View file

@ -46,7 +46,7 @@ disable-mnt
private-bin authenticator-rs
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl,xdg
private-etc @tls-ca,@x11
private-tmp
dbus-user filter

2
etc/profile-a-l/authenticator.profile
View file

@ -38,7 +38,7 @@ seccomp
disable-mnt
# private-bin authenticator,python*
private-dev
private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
private-etc @tls-ca
private-tmp
# makes settings immutable

2
etc/profile-a-l/ballbuster.profile
View file

@ -44,7 +44,7 @@ disable-mnt
private-bin ballbuster
private-cache
private-dev
private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
private-etc
private-tmp
dbus-user none

2
etc/profile-a-l/bibletime.profile
View file

@ -51,7 +51,7 @@ disable-mnt
# private-bin bibletime
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf
private-etc @tls-ca,sword,sword.conf
private-tmp
dbus-user none

2
etc/profile-a-l/bijiben.profile
View file

@ -50,7 +50,7 @@ disable-mnt
private-bin bijiben
# private-cache -- access to .cache/tracker is required
private-dev
private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
private-etc @x11
private-tmp
dbus-user filter

2
etc/profile-a-l/bitwarden.profile
View file

@ -23,7 +23,7 @@ no3d
nosound
?HAS_APPIMAGE: ignore private-dev
private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
private-etc @tls-ca
private-opt Bitwarden
# Redirect

2
etc/profile-a-l/bless.profile
View file

@ -34,7 +34,7 @@ seccomp
# private-bin bash,bless,mono,sh
private-cache
private-dev
private-etc alternatives,fonts,ld.so.cache,ld.so.preload,mono
private-etc mono
private-tmp
dbus-user none

2
etc/profile-a-l/blobby.profile
View file

@ -40,7 +40,7 @@ tracelog
disable-mnt
private-bin blobby
private-dev
private-etc alsa,alternatives,asound.conf,drirc,group,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pulse
private-etc @x11
private-lib
private-tmp

2
etc/profile-a-l/blobwars.profile
View file

@ -42,7 +42,7 @@ disable-mnt
private-bin blobwars
private-cache
private-dev
private-etc alternatives,ld.so.cache,ld.so.preload,machine-id
private-etc
private-tmp
dbus-user none

2
etc/profile-a-l/bsdtar.profile
View file

@ -6,7 +6,7 @@ include bsdtar.local
# Persistent global definitions
include globals.local
private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd
private-etc
# Redirect
include archiver-common.profile

2
etc/profile-a-l/cameramonitor.profile
View file

@ -45,7 +45,7 @@ tracelog
disable-mnt
private-bin cameramonitor,python*
private-cache
private-etc alternatives,fonts,ld.so.cache,ld.so.preload
private-etc
private-tmp
# dbus-user none

2
etc/profile-a-l/cargo.profile
View file

@ -16,7 +16,7 @@ noblacklist ${HOME}/.cargo/credentials.toml
#whitelist ${HOME}/.rustup
#private-bin cargo,rustc
private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,magic,magic.mgc,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl
private-etc @tls-ca,host.conf,magic,magic.mgc,rpc,services
memory-deny-write-execute

2
etc/profile-a-l/cawbird.profile
View file

@ -38,7 +38,7 @@ disable-mnt
private-bin cawbird
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,resolv.conf,ssl,X11,xdg
private-etc @tls-ca,@x11,host.conf,mime.types
private-tmp
# dbus-user none

2
etc/profile-a-l/celluloid.profile
View file

@ -52,7 +52,7 @@ tracelog
private-bin celluloid,env,gnome-mpv,python*,youtube-dl
private-cache
private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg
private-etc @tls-ca,@x11,libva.conf,pkcs11,selinux
private-dev
private-tmp

2
etc/profile-a-l/chatterino.profile
View file

@ -70,7 +70,7 @@ private-bin chatterino,cvlc,env,ffmpeg,mpv,nvlc,pgrep,python*,qvlc,rvlc,streamli
# private-cache may cause issues with mpv (see #2838)
private-cache
private-dev
private-etc alsa,alternatives,asound.conf,ca-certificates,dbus-1,fonts,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nvidia,passwd,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11
private-etc @tls-ca,@x11,dbus-1,rpc,services,Trolltech.conf
private-srv none
private-tmp

2
etc/profile-a-l/cheese.profile
View file

@ -51,7 +51,7 @@ disable-mnt
private-bin cheese
private-cache
private-dev
private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0,ld.so.cache,ld.so.preload
private-etc @x11,clutter-1.0
private-tmp
dbus-user filter

2
etc/profile-a-l/clawsker.profile
View file

@ -43,7 +43,7 @@ disable-mnt
private-bin bash,clawsker,perl,sh,which
private-cache
private-dev
private-etc alternatives,fonts,ld.so.cache,ld.so.preload
private-etc
private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-3.so.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl*
private-tmp

2
etc/profile-a-l/cmus.profile
View file

@ -26,6 +26,6 @@ protocol unix,inet,inet6
seccomp
private-bin cmus
private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl
private-etc @tls-ca
restrict-namespaces

2
etc/profile-a-l/cointop.profile
View file

@ -52,7 +52,7 @@ disable-mnt
private-bin cointop
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
private-etc @tls-ca,host.conf,rpc,services
private-lib
private-tmp

2
etc/profile-a-l/colorful.profile
View file

@ -44,7 +44,7 @@ disable-mnt
private-bin colorful
private-cache
private-dev
private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
private-etc
private-tmp
dbus-user none

2
etc/profile-a-l/com.github.bleakgrey.tootle.profile
View file

@ -44,7 +44,7 @@ disable-mnt
private-bin com.github.bleakgrey.tootle
private-cache
private-dev
private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
private-etc @tls-ca,@x11,host.conf,mime.types
private-tmp
# Settings are immutable

2
etc/profile-a-l/com.github.dahenson.agenda.profile
View file

@ -51,7 +51,7 @@ disable-mnt
private-bin com.github.dahenson.agenda
private-cache
private-dev
private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload
private-etc @x11
private-tmp
dbus-user filter

2
etc/profile-a-l/com.github.johnfactotum.Foliate.profile
View file

@ -54,7 +54,7 @@ disable-mnt
private-bin com.github.johnfactotum.Foliate,gjs
private-cache
private-dev
private-etc alternatives,dconf,fonts,gconf,gtk-3.0,ld.so.cache,ld.so.preload
private-etc @x11,gconf
private-tmp
read-only ${HOME}

2
etc/profile-a-l/com.github.phase1geo.minder.profile
View file

@ -51,7 +51,7 @@ disable-mnt
private-bin com.github.phase1geo.minder
private-cache
private-dev
private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,X11,xdg
private-etc @x11,mime.types
private-tmp
dbus-user filter

2
etc/profile-a-l/com.github.tchx84.Flatseal.profile
View file

@ -51,7 +51,7 @@ disable-mnt
private-bin com.github.tchx84.Flatseal,gjs
private-cache
private-dev
private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload
private-etc @x11
private-tmp
dbus-user filter

2
etc/profile-a-l/coyim.profile
View file

@ -39,7 +39,7 @@ tracelog
disable-mnt
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,ssl
private-etc @tls-ca
private-tmp
dbus-user none

2
etc/profile-a-l/crow.profile
View file

@ -38,7 +38,7 @@ seccomp
disable-mnt
private-bin crow
private-dev
private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl
private-etc @tls-ca,@x11
private-opt none
private-tmp
private-srv none

2
etc/profile-a-l/d-feet.profile
View file

@ -49,7 +49,7 @@ disable-mnt
private-bin d-feet,python*
private-cache
private-dev
private-etc alternatives,dbus-1,fonts,ld.so.cache,ld.so.preload,machine-id
private-etc dbus-1
private-tmp
#memory-deny-write-execute - breaks on Arch (see issue #1803)

2
etc/profile-a-l/dbus-send.profile
View file

@ -50,7 +50,7 @@ private
private-bin dbus-send
private-cache
private-dev
private-etc alternatives,dbus-1,ld.so.cache,ld.so.preload
private-etc dbus-1
private-lib libpcre*
private-tmp

2
etc/profile-a-l/dconf-editor.profile
View file

@ -42,7 +42,7 @@ disable-mnt
private-bin dconf-editor
private-cache
private-dev
private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id
private-etc @x11
private-lib
private-tmp

2
etc/profile-a-l/dconf.profile
View file

@ -45,7 +45,7 @@ disable-mnt
private-bin dconf,gsettings
private-cache
private-dev
private-etc alternatives,dconf,ld.so.cache,ld.so.preload
private-etc @x11
private-lib
private-tmp

2
etc/profile-a-l/ddgtk.profile
View file

@ -44,7 +44,7 @@ tracelog
disable-mnt
private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr
private-cache
private-etc alternatives,fonts,ld.so.cache,ld.so.preload
private-etc
private-tmp
dbus-user none

2
etc/profile-a-l/devhelp.profile
View file

@ -41,7 +41,7 @@ disable-mnt
private-bin devhelp
private-cache
private-dev
private-etc alternatives,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,ssl
private-etc @tls-ca,@x11
private-tmp
# makes settings immutable

2
etc/profile-a-l/devilspie.profile
View file

@ -47,7 +47,7 @@ disable-mnt
private-bin devilspie
private-cache
private-dev
private-etc alternatives,ld.so.cache,ld.so.preload
private-etc
private-lib gconv
private-tmp

2
etc/profile-a-l/dig.profile
View file

@ -48,7 +48,7 @@ tracelog
disable-mnt
private-bin bash,dig,sh
private-dev
private-etc alternatives,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf
private-etc
# Add the next line to your dig.local on non Debian/Ubuntu OS (see issue #3038).
#private-lib
private-tmp

2
etc/profile-a-l/discord-common.profile
View file

@ -24,7 +24,7 @@ whitelist ${HOME}/.config/BetterDiscord
whitelist ${HOME}/.local/share/betterdiscordctl
private-bin awk,bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],fish,grep,head,sed,sh,tclsh,tr,which,xdg-mime,xdg-open,zsh
private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl
private-etc @tls-ca,password
join-or-start discord

2
etc/profile-a-l/display.profile
View file

@ -39,7 +39,7 @@ seccomp
private-bin display,python*
private-dev
# On Debian-based systems, display is a symlink in /etc/alternatives
private-etc alternatives,ImageMagick-6,ImageMagick-7,ld.so.cache,ld.so.preload
private-etc ImageMagick-6,ImageMagick-7
private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libgomp.so.*,ImageMagick*,libfreetype.so.*,libltdl.so.*,libMagickWand-*.so.*,libXext.so.*
private-tmp

2
etc/profile-a-l/dolphin-emu.profile
View file

@ -54,7 +54,7 @@ private-bin bash,dolphin-emu,dolphin-emu-x11,sh
private-cache
# Add the next line to your dolphin-emu.local if you do not need controller support.
#private-dev
private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg
private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services,Trolltech.conf
private-opt none
private-tmp

2
etc/profile-a-l/drawio.profile
View file

@ -44,7 +44,7 @@ seccomp !chroot
private-bin drawio
private-cache
private-dev
private-etc alternatives,fonts,ld.so.cache,ld.so.preload
private-etc
private-tmp
dbus-user none

2
etc/profile-a-l/easystroke.profile
View file

@ -44,7 +44,7 @@ disable-mnt
#private-bin bash,easystroke,sh
private-cache
private-dev
private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,passwd
private-etc
# breaks custom shell command functionality
#private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
private-tmp

2
etc/profile-a-l/electron-mail.profile
View file

@ -29,7 +29,7 @@ read-only ${HOME}/.mozilla/firefox/profiles.ini
machine-id
nosound
private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
private-etc @tls-ca,@x11
private-opt ElectronMail
dbus-user filter

2
etc/profile-a-l/electrum.profile
View file

@ -46,7 +46,7 @@ private-bin electrum,python*
private-cache
?HAS_APPIMAGE: ignore private-dev
private-dev
private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl
private-etc @tls-ca,@x11
private-tmp
# dbus-user none

2
etc/profile-a-l/email-common.profile
View file

@ -69,7 +69,7 @@ tracelog
# disable-mnt
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,localtime,machine-id,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,timezone,xdg
private-etc @tls-ca,@x11,gnupg,groups,hosts.conf,mailname,selinux,timezone
private-tmp
# encrypting and signing email
writable-run-user

2
etc/profile-a-l/enchant.profile
View file

@ -47,7 +47,7 @@ x11 none
private-bin enchant,enchant-*
private-cache
private-dev
private-etc alternatives,ld.so.cache,ld.so.preload
private-etc
private-lib
private-tmp

2
etc/profile-a-l/eo-common.profile
View file

@ -46,7 +46,7 @@ tracelog
private-cache
private-dev
private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload
private-etc @x11
private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*
private-tmp

2
etc/profile-a-l/equalx.profile
View file

@ -53,7 +53,7 @@ disable-mnt
private-bin equalx,gs,pdflatex,pdftocairo
private-cache
private-dev
private-etc alternatives,equalx,equalx.conf,fonts,gtk-2.0,latexmk.conf,ld.so.cache,ld.so.preload,machine-id,papersize,passwd,texlive,Trolltech.conf
private-etc @x11,equalx,equalx.conf,latexmk.conf,papersize,texlive,Trolltech.conf
private-tmp
dbus-user none

2
etc/profile-a-l/evince.profile
View file

@ -54,7 +54,7 @@ tracelog
private-bin evince,evince-previewer,evince-thumbnailer,sh
private-cache
private-dev
private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd
private-etc
# private-lib might break two-page-view on some systems
private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.*
private-tmp

2
etc/profile-a-l/exiftool.profile
View file

@ -47,7 +47,7 @@ x11 none
#private-bin exiftool,perl
private-cache
private-dev
private-etc alternatives,ld.so.cache,ld.so.preload
private-etc
private-tmp
dbus-user none

2
etc/profile-a-l/falkon.profile
View file

@ -47,7 +47,7 @@ disable-mnt
# private-bin falkon
private-cache
private-dev
private-etc adobe,alternatives,asound.conf,ati,ca-certificates,crypto-policies,dconf,drirc,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
private-etc @tls-ca,@x11,adobe,mailcap,mime.types,selinux
private-tmp
# dbus-user filter

2
etc/profile-a-l/fdns.profile
View file

@ -42,7 +42,7 @@ private
private-bin bash,fdns,sh
private-cache
#private-dev
private-etc alternatives,ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl
private-etc @tls-ca,fdns
# private-lib
private-tmp

2
etc/profile-a-l/feh-network.inc.profile
View file

@ -5,4 +5,4 @@ include feh-network.inc.local
ignore net none
netfilter
protocol unix,inet,inet6
private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
private-etc @tls-ca

2
etc/profile-a-l/feh.profile
View file

@ -35,7 +35,7 @@ seccomp
private-bin feh,jpegexiforient,jpegtran
private-cache
private-dev
private-etc alternatives,feh,ld.so.cache,ld.so.preload
private-etc feh
private-tmp
dbus-user none

2
etc/profile-a-l/ffmpeg.profile
View file

@ -47,7 +47,7 @@ tracelog
private-bin ffmpeg
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,nsswitch.conf,pkcs11,pki,resolv.conf,ssl
private-etc @tls-ca,pkcs11
private-tmp
dbus-user none

2
etc/profile-a-l/ffplay.profile
View file

@ -14,7 +14,7 @@ ignore nogroups
ignore nosound
private-bin ffplay
private-etc alsa,alternatives,asound.conf,group,ld.so.cache,ld.so.preload
private-etc
# Redirect
include ffmpeg.profile

2
etc/profile-a-l/file-roller.profile
View file

@ -42,7 +42,7 @@ tracelog
private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd
private-cache
private-dev
private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg
private-etc @x11
# private-tmp
dbus-system none

4
etc/profile-a-l/firefox-common.profile
View file

@ -57,9 +57,7 @@ seccomp !chroot
disable-mnt
?BROWSER_DISABLE_U2F: private-dev
# private-etc below works fine on most distributions. There are some problems on CentOS.
# Add it to your firefox-common.local if you want to enable it.
#private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
# private-etc below works fine on most distributions. There could be some problems on CentOS.
private-etc @tls-ca,@x11,mailcap,mime.types,os-release
private-tmp

2
etc/profile-a-l/flameshot.profile
View file

@ -51,7 +51,7 @@ tracelog
disable-mnt
private-bin flameshot
private-cache
private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.preload,machine-id,pki,resolv.conf,ssl
private-etc @tls-ca
private-dev
#private-tmp

2
etc/profile-a-l/fractal.profile
View file

@ -46,7 +46,7 @@ disable-mnt
private-bin fractal
private-cache
private-dev
private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
private-etc @tls-ca,@x11,host.conf,mime.types,selinux
private-tmp
dbus-user filter

2
etc/profile-a-l/freetube.profile
View file

@ -18,7 +18,7 @@ mkdir ${HOME}/.config/FreeTube
whitelist ${HOME}/.config/FreeTube
private-bin electron,electron[0-9],electron[0-9][0-9],freetube,sh
private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
private-etc @tls-ca,@x11,host.conf,mime.types
dbus-user filter
dbus-user.own org.mpris.MediaPlayer2.chromium.*

2
etc/profile-a-l/frogatto.profile
View file

@ -44,7 +44,7 @@ disable-mnt
private-bin frogatto,sh
private-cache
private-dev
private-etc alternatives,ld.so.cache,ld.so.preload,machine-id
private-etc
private-tmp
dbus-user none

2
etc/profile-a-l/gajim.profile
View file

@ -58,7 +58,7 @@ disable-mnt
private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python*,sh,zsh
private-cache
private-dev
private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,xdg
private-etc @tls-ca,@x11
private-tmp
writable-run-user

2
etc/profile-a-l/galculator.profile
View file

@ -42,7 +42,7 @@ tracelog
private-bin galculator
private-cache
private-dev
private-etc alternatives,fonts,ld.so.cache,ld.so.preload
private-etc
private-lib
private-tmp

2
etc/profile-a-l/gallery-dl.profile
View file

@ -12,7 +12,7 @@ noblacklist ${HOME}/.config/gallery-dl
noblacklist ${HOME}/.gallery-dl.conf
private-bin gallery-dl
private-etc alternatives,gallery-dl.conf,ld.so.cache,ld.so.preload
private-etc gallery-dl.conf
# Redirect
include youtube-dl.profile

2
etc/profile-a-l/gapplication.profile
View file

@ -48,7 +48,7 @@ private
private-bin gapplication
private-cache
private-dev
private-etc alternatives,ld.so.cache,ld.so.preload
private-etc
private-tmp
# Add the next line to your gapplication.local to filter D-Bus names.

2
etc/profile-a-l/gcloud.profile
View file

@ -35,7 +35,7 @@ tracelog
disable-mnt
private-dev
private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl
private-etc @tls-ca
private-tmp
dbus-user none

2
etc/profile-a-l/gconf.profile
View file

@ -53,7 +53,7 @@ disable-mnt
private-bin gconf-editor,gconf-merge-*,gconfpkg,gconftool-2,gsettings-*-convert,python2*
private-cache
private-dev
private-etc alternatives,fonts,gconf,ld.so.cache,ld.so.preload
private-etc gconf
private-lib GConf,libpython*,python2*
private-tmp

2
etc/profile-a-l/geary.profile
View file

@ -75,7 +75,7 @@ tracelog
#private-bin geary,sh
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,fonts,group,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mailcap,mime.types,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg
private-etc @tls-ca,@x11,mailcap,mime.types
private-tmp
dbus-user filter

2
etc/profile-a-l/geekbench.profile
View file

@ -47,7 +47,7 @@ disable-mnt
#private-bin bash,geekbench*,sh -- #4576
private-cache
private-dev
private-etc alternatives,group,ld.so.cache,ld.so.preload,lsb-release,passwd
private-etc lsb-release
private-tmp
dbus-user none

2
etc/profile-a-l/gfeeds.profile
View file

@ -60,7 +60,7 @@ disable-mnt
private-bin gfeeds,python3*
# private-cache -- feeds are stored in ~/.cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg
private-etc @tls-ca,@x11,dbus-1,gconf,host.conf,mime.types,rpc,services
private-tmp
dbus-user filter

2
etc/profile-a-l/gget.profile
View file

@ -48,7 +48,7 @@ disable-mnt
private-bin gget
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
private-etc @tls-ca
private-lib
private-tmp

2
etc/profile-a-l/ghostwriter.profile
View file

@ -51,7 +51,7 @@ private-bin context,gettext,ghostwriter,latex,mktexfmt,pandoc,pdflatex,pdfroff,p
private-cache
private-dev
# passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed
private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,texlive,Trolltech.conf,X11,xdg
private-etc @tls-ca,@x11,dbus-1,firejail,gconf,groups,host.conf,mime.types,rpc,services,texlive,Trolltech.conf
private-tmp
dbus-user filter

2
etc/profile-a-l/gimp.profile
View file

@ -59,7 +59,7 @@ seccomp !mbind
tracelog
private-dev
private-etc @x11,gcrypt,python*
private-etc @tls-ca,@x11,python*
private-tmp
dbus-user none

2
etc/profile-a-l/gist.profile
View file

@ -51,7 +51,7 @@ tracelog
disable-mnt
private-cache
private-dev
private-etc alternatives,ld.so.cache,ld.so.preload
private-etc
private-tmp
dbus-user none

2
etc/profile-a-l/git-cola.profile
View file

@ -69,7 +69,7 @@ tracelog
private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg
private-etc @tls-ca,@x11,gitconfig,host.conf,mime.types,selinux,ssh
private-tmp
writable-run-user

2
etc/profile-a-l/gitter.profile
View file

@ -36,7 +36,7 @@ seccomp
disable-mnt
private-bin bash,env,gitter
private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,pulse,resolv.conf,ssl
private-etc @tls-ca
private-opt Gitter
private-dev
private-tmp

2
etc/profile-a-l/gl-117.profile
View file

@ -43,7 +43,7 @@ disable-mnt
private-bin gl-117
private-cache
private-dev
private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse
private-etc @x11,bumblebee,glvnd
private-tmp
dbus-user none

2
etc/profile-a-l/glaxium.profile
View file

@ -43,7 +43,7 @@ disable-mnt
private-bin glaxium
private-cache
private-dev
private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse
private-etc @x11,bumblebee,glvnd
private-tmp
dbus-user none

2
etc/profile-a-l/gmpc.profile
View file

@ -43,7 +43,7 @@ tracelog
disable-mnt
#private-bin gmpc
private-cache
private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf
private-etc
private-tmp
writable-run-user

2
etc/profile-a-l/gnome-calendar.profile
View file

@ -44,7 +44,7 @@ private
private-bin gnome-calendar
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl
private-etc @tls-ca,@x11
private-tmp
dbus-user filter

2
etc/profile-a-l/gnome-characters.profile
View file

@ -48,7 +48,7 @@ disable-mnt
private-bin gjs,gnome-characters
private-cache
private-dev
private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,X11,xdg
private-etc @x11,gconf,mime.types
private-tmp
# Add the next lines to your gnome-characters.local if you don't need access to recently used chars.

2
etc/profile-a-l/gnome-chess.profile
View file

@ -49,7 +49,7 @@ disable-mnt
private-bin fairymax,gnome-chess,gnuchess,hoichess
private-cache
private-dev
private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0,ld.so.cache,ld.so.preload
private-etc @x11,gnome-chess
private-tmp
restrict-namespaces

2
etc/profile-a-l/gnome-clocks.profile
View file

@ -41,7 +41,7 @@ disable-mnt
private-bin gnome-clocks,gsound-play
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pkcs11,pki,resolv.conf,ssl
private-etc @tls-ca,@x11,pkcs11
private-tmp
restrict-namespaces

2
etc/profile-a-l/gnome-hexgl.profile
View file

@ -41,7 +41,7 @@ private
private-bin gnome-hexgl
private-cache
private-dev
private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse
private-etc
private-tmp
dbus-user none

2
etc/profile-a-l/gnome-latex.profile
View file

@ -47,7 +47,7 @@ tracelog
private-cache
private-dev
# passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed
private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,ld.so.cache,ld.so.preload,login.defs,passwd,texlive
private-etc @x11,latexmk.conf,texlive
dbus-system none

2
etc/profile-a-l/gnome-logs.profile
View file

@ -39,7 +39,7 @@ disable-mnt
private-bin gnome-logs
private-cache
private-dev
private-etc alternatives,fonts,ld.so.cache,ld.so.preload,localtime,machine-id
private-etc
private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
private-tmp
writable-var-log

2
etc/profile-a-l/gnome-maps.profile
View file

@ -63,7 +63,7 @@ disable-mnt
private-bin gjs,gnome-maps
# private-cache -- gnome-maps cache all maps/satelite-images
private-dev
private-etc alternatives,ca-certificates,clutter-1.0,crypto-policies,dconf,drirc,fonts,gconf,gcrypt,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pkcs11,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg
private-etc @tls-ca,@x11,clutter-1.0,gconf,host.conf,mime.types,pkcs11,rpc,services
private-tmp
dbus-user filter

Some files were not shown because too many files have changed in this diff Show more