merges

README

@@ -513,6 +513,8 @@ Gaman Gabriel (https://github.com/stelariusinfinitek)
 	- inox profile
 Gabriel (https://github.com/gcb)
 	- okular profile fix
+	- irssi profile
+	- syncthing profile
 geg2048 (https://github.com/geg2048)
 	- kwallet profile fixes
 glitsj16 (https://github.com/glitsj16)
@@ -1195,6 +1197,8 @@ startx2017 (https://github.com/startx2017)
 	- kwrite and geary profiles
 StelFux (https://github.com/StelFux)
 	- Fix youtube video in totem
+Syed Muhammad Shuja Haider (https://github.com/xplanthris)
+	- prismlauncher profile
 the-antz (https://github.com/the-antz)
 	- Fix libx265 encoding in ffmpeg profile
 	- Fix Firefox profile

etc/profile-a-l/irssi.profile

@@ -50,6 +50,7 @@ seccomp.block-secondary
 disable-mnt
 private-cache
 private-dev
+# private-etc @network,@tls-ca
 private-tmp
 
 dbus-user none

etc/profile-m-z/syncthing.profile

@@ -2,7 +2,6 @@
 # Description: File synchronization using public networks
 # This file is overwritten after every install/update
 
-##quiet
 # Persistent local customizations
 include syncthing.local
 # Persistent global definitions
@@ -17,18 +16,10 @@ noblacklist ${HOME}/Sync
 #       So, we try to preemptively set it here:
 nice 2
 
-# no allow-*.inc
-
-##blacklist PATH
-# Disable Wayland
 blacklist ${RUNUSER}/wayland-*
-# Disable RUNUSER (cli only; supersedes Disable Wayland)
 blacklist ${RUNUSER}
-# Remove the next blacklist if your system has no /usr/libexec dir,
-# otherwise try to add it.
 blacklist /usr/libexec
 
-# disable-*.inc includes
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -36,36 +27,18 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
-#include disable-write-mnt.inc # we set disable-mnt
-#include disable-x11.inc # this causes an error...
 include disable-xdg.inc
 
 
 mkdir ${HOME}/.local/state/syncthing
 whitelist ${HOME}/.local/state/syncthing
-
-# see note above about this dir!
 mkdir ${HOME}/Sync
 whitelist ${HOME}/Sync
 
 include whitelist-common.inc
 
-
-# Landlock commands
-##landlock.fs.read PATH
-##landlock.fs.write PATH
-##landlock.fs.makeipc PATH
-##landlock.fs.makedev PATH
-##landlock.fs.execute PATH
-#include landlock-common.inc
-
-##allusers
 #apparmor
 caps.drop all
-# CLI only
-##ipc-namespace
-# breaks audio and sometimes dbus related functions
-#machine-id
 netfilter
 no3d
 nodvd
@@ -89,28 +62,14 @@ seccomp
 #x11 none # desirable but too complex to add
 
 disable-mnt
-#private-bin PROGRAMS
 private-cache
 private-dev
 #private-etc
 #  Networking: ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
-##private-lib LIBS
 #private-tmp
-##writable-etc
-##writable-run-user
-##writable-var
-##writable-var-log
 
 dbus-user none
 dbus-system none
 
-# Note: read-only entries should usually go in disable-common.inc (especially
-# entries for configuration files that allow arbitrary command execution).
-##deterministic-shutdown
-##env VAR=VALUE
-# NOTE: there's no env to avoid starting the browser, but it will err out just "fine".
-##join-or-start NAME
-#memory-deny-write-execute
-##read-write ${HOME}
 restrict-namespaces
 

src/firecfg/firecfg.config

@@ -855,7 +855,7 @@ surf
 sushi
 swell-foop
 sylpheed
-syncthing
+#syncthing # server
 synfigstudio
 sysprof
 sysprof-cli