profiles: improvements to profiles using private

Changes:

* comment `include whitelist-common.inc` when using `private`
* drop `private` on profiles that access files in `${HOME}`
* use `#` in comments

Relates to netblue30#903.

etc/profile-a-l/daisy.profile

@@ -15,7 +15,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
-#include disable-X11.inc - x11 none
+#include disable-X11.inc # x11 none
 include disable-xdg.inc
 
 include whitelist-common.inc
@@ -47,7 +47,6 @@ tracelog
 x11 none
 
 disable-mnt
-private
 private-bin daisy
 private-cache
 private-dev

etc/profile-a-l/dbus-send.profile

@@ -19,7 +19,7 @@ include disable-shell.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -28,8 +28,7 @@ apparmor
 caps.drop all
 ipc-namespace
 machine-id
-# Breaks abstract sockets
-#net none
+#net none # breaks abstract sockets
 netfilter
 no3d
 nodvd

etc/profile-a-l/drill.profile

@@ -19,7 +19,7 @@ include disable-exec.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 

etc/profile-a-l/gapplication.profile

@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc

etc/profile-a-l/gnome-calendar.profile

@@ -15,7 +15,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/libgweather
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc

etc/profile-a-l/gnubik.profile

@@ -15,7 +15,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/gnubik
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc

etc/profile-a-l/gravity-beams-and-evaporating-stars.profile

@@ -15,7 +15,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/gravity-beams-and-evaporating-stars
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 

etc/profile-a-l/ipcalc.profile

@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
 
-# include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc

etc/profile-m-z/Xephyr.profile

@@ -16,7 +16,7 @@ include globals.local
 #
 
 whitelist /var/lib/xkb
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 
 caps.drop all
 # Xephyr needs to be allowed access to the abstract Unix socket namespace.

etc/profile-m-z/Xvfb.profile

@@ -19,7 +19,7 @@ include globals.local
 #
 
 whitelist /var/lib/xkb
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 
 caps.drop all
 # Xvfb needs to be allowed access to the abstract Unix socket namespace.

etc/profile-m-z/mirrormagic.profile

@@ -39,7 +39,6 @@ seccomp
 tracelog
 
 disable-mnt
-private
 private-bin mirrormagic
 private-cache
 private-dev

etc/profile-m-z/notify-send.profile

@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc

etc/profile-m-z/ping.profile

@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-X11.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-run-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc

etc/profile-m-z/reader.profile

@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-run-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc

etc/profile-m-z/seahorse-adventures.profile

@@ -23,7 +23,7 @@ include disable-xdg.inc
 
 whitelist /usr/share/seahorse-adventures
 whitelist /usr/share/games/seahorse-adventures
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 

etc/profile-m-z/wordwarvi.profile

@@ -40,7 +40,6 @@ seccomp
 tracelog
 
 disable-mnt
-private
 private-bin wordwarvi
 private-cache
 private-dev

etc/profile-m-z/xbill.profile

@@ -16,7 +16,7 @@ include disable-xdg.inc
 
 whitelist /usr/share/xbill
 whitelist /var/games/xbill/scores
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc