From ff15764d5ffa0d0bce4c7102f7bf24bc4792c498 Mon Sep 17 00:00:00 2001 
From: Tad Date: Sun, 22 Dec 2019 14:07:44 -0500 Subject: [PATCH] DNM: Add automaticallly generated private-etc lines to all profiles - This includes a workaround for private-etc's lack of globbing support --- etc/0ad.profile | 1 + etc/2048-qt.profile | 1 + etc/7z.profile | 1 + etc/Cryptocat.profile | 1 + etc/Fritzing.profile | 1 + etc/JDownloader.profile | 1 + etc/Maelstrom.profile | 1 + etc/Mathematica.profile | 2 ++ etc/QMediathekView.profile | 1 + etc/QOwnNotes.profile | 2 +- etc/Thunar.profile | 2 ++ etc/Viber.profile | 2 +- etc/XMind.profile | 1 + etc/Xephyr.profile | 2 +- etc/Xvfb.profile | 2 +- etc/akonadi_control.profile | 1 + etc/akregator.profile | 1 + etc/amarok.profile | 2 +- etc/amule.profile | 1 + etc/android-studio.profile | 1 + etc/anki.profile | 2 +- etc/anydesk.profile | 1 + etc/aosp.profile | 1 + etc/apktool.profile | 1 + etc/ar.profile | 1 + etc/arch-audit.profile | 1 + etc/archaudit-report.profile | 1 + etc/ardour5.profile | 2 +- etc/arduino.profile | 1 + etc/aria2c.profile | 2 +- etc/ark.profile | 2 +- etc/arm.profile | 2 +- etc/artha.profile | 2 +- etc/assogiate.profile | 1 + etc/asunder.profile | 1 + etc/atom.profile | 1 + etc/atool.profile | 2 +- etc/atril.profile | 2 +- etc/audacious.profile | 1 + etc/audacity.profile | 1 + etc/audio-recorder.profile | 2 +- etc/authenticator.profile | 2 +- etc/autokey-common.profile | 1 + etc/aweather.profile | 1 + etc/awesome.profile | 1 + etc/baloo_file.profile | 1 + etc/baobab.profile | 1 + etc/bibletime.profile | 2 +- etc/bitcoin-qt.profile | 2 +- etc/bitlbee.profile | 1 + etc/bitwarden.profile | 2 +- etc/blackbox.profile | 2 ++ etc/bleachbit.profile | 1 + etc/blender.profile | 1 + etc/bless.profile | 2 +- etc/bluefish.profile | 1 + etc/brackets.profile | 1 + etc/brasero.profile | 1 + etc/bsdtar.profile | 2 +- etc/bzflag.profile | 1 + etc/caja.profile | 1 + etc/calibre.profile | 1 + etc/calligra.profile | 1 + etc/cameramonitor.profile | 2 +- etc/cantata.profile | 2 +- etc/catfish.profile | 1 + 
etc/celluloid.profile | 2 +- etc/checkbashisms.profile | 1 + etc/cheese.profile | 2 +- etc/cherrytree.profile | 1 + etc/chromium-common.profile | 1 + etc/cin.profile | 1 + etc/clamav.profile | 1 + etc/clamtk.profile | 1 + etc/claws-mail.profile | 1 + etc/clawsker.profile | 2 +- etc/clementine.profile | 1 + etc/clion.profile | 1 + etc/clipit.profile | 1 + etc/cmus.profile | 2 +- etc/code.profile | 1 + etc/conkeror.profile | 1 + etc/conky.profile | 1 + etc/corebird.profile | 1 + etc/cower.profile | 1 + etc/cpio.profile | 1 + etc/crawl.profile | 1 + etc/crow.profile | 2 +- etc/curl.profile | 2 +- etc/d-feet.profile | 2 +- etc/darktable.profile | 1 + etc/dconf-editor.profile | 2 +- etc/dconf.profile | 2 +- etc/ddgtk.profile | 2 +- etc/deadbeef.profile | 1 + etc/deluge.profile | 1 + etc/devhelp.profile | 2 +- etc/devilspie.profile | 2 +- etc/devilspie2.profile | 2 +- etc/dex2jar.profile | 1 + etc/dia.profile | 1 + etc/dig.profile | 1 + etc/digikam.profile | 2 +- etc/dillo.profile | 1 + etc/dino.profile | 2 +- etc/discord-common.profile | 2 +- etc/display.profile | 2 +- etc/dnscrypt-proxy.profile | 1 + etc/dnsmasq.profile | 1 + etc/dolphin.profile | 1 + etc/dooble.profile | 1 + etc/dosbox.profile | 1 + etc/dragon.profile | 1 + etc/drawio.profile | 2 +- etc/dropbox.profile | 1 + etc/easystroke.profile | 2 +- etc/electron-mail.profile | 2 +- etc/electron.profile | 2 ++ etc/electrum.profile | 2 +- etc/elinks.profile | 2 +- etc/emacs.profile | 2 ++ etc/empathy.profile | 1 + etc/enchant.profile | 2 +- etc/engrampa.profile | 1 + etc/enpass.profile | 1 + etc/eo-common.profile | 2 +- etc/epiphany.profile | 2 ++ etc/etr.profile | 2 +- etc/evince.profile | 2 +- etc/evolution.profile | 1 + etc/exfalso.profile | 2 +- etc/exiftool.profile | 2 +- etc/falkon.profile | 2 +- etc/fbreader.profile | 1 + etc/feedreader.profile | 1 + etc/feh.profile | 2 +- etc/fetchmail.profile | 1 + etc/ffmpeg.profile | 2 +- etc/file-roller.profile | 1 + etc/file.profile | 2 +- etc/filezilla.profile | 1 + 
etc/firefox-common.profile | 3 +-- etc/flameshot.profile | 2 +- etc/flowblade.profile | 1 + etc/fluxbox.profile | 2 ++ etc/font-manager.profile | 1 + etc/fontforge.profile | 1 + etc/franz.profile | 1 + etc/freecad.profile | 1 + etc/freeciv.profile | 1 + etc/freecol.profile | 1 + etc/freemind.profile | 2 +- etc/freeoffice-planmaker.profile | 1 + etc/freeoffice-presentations.profile | 1 + etc/freeoffice-textmaker.profile | 1 + etc/freshclam.profile | 1 + etc/frozen-bubble.profile | 1 + etc/gajim.profile | 2 +- etc/galculator.profile | 2 +- etc/gcloud.profile | 2 +- etc/gconf.profile | 2 +- etc/geany.profile | 1 + etc/gedit.profile | 1 + etc/geekbench.profile | 2 +- etc/geeqie.profile | 1 + etc/gfeeds.profile | 2 +- etc/ghostwriter.profile | 2 +- etc/gimp.profile | 1 + etc/gist.profile | 2 +- etc/git.profile | 1 + etc/gitg.profile | 1 + etc/github-desktop.profile | 1 + etc/gitter.profile | 2 +- etc/gjs.profile | 2 +- etc/globaltime.profile | 1 + etc/gmpc.profile | 2 +- etc/gnome-2048.profile | 1 + etc/gnome-books.profile | 1 + etc/gnome-builder.profile | 1 + etc/gnome-calculator.profile | 1 + etc/gnome-characters.profile | 2 +- etc/gnome-chess.profile | 2 +- etc/gnome-clocks.profile | 2 +- etc/gnome-contacts.profile | 1 + etc/gnome-documents.profile | 1 + etc/gnome-font-viewer.profile | 1 + etc/gnome-keyring.profile | 1 + etc/gnome-latex.profile | 2 +- etc/gnome-logs.profile | 2 +- etc/gnome-maps.profile | 2 +- etc/gnome-mplayer.profile | 1 + etc/gnome-music.profile | 2 +- etc/gnome-nettool.profile | 1 + etc/gnome-photos.profile | 1 + etc/gnome-pie.profile | 2 +- etc/gnome-recipes.profile | 2 +- etc/gnome-ring.profile | 1 + etc/gnome-schedule.profile | 1 + etc/gnome-sound-recorder.profile | 2 +- etc/gnome-system-log.profile | 2 +- etc/gnome-twitch.profile | 1 + etc/gnome-weather.profile | 2 +- etc/godot.profile | 2 +- etc/goobox.profile | 2 +- etc/google-earth.profile | 1 + etc/google-play-music-desktop-player.profile | 1 + etc/gpa.profile | 1 + etc/gpg-agent.profile 
| 1 + etc/gpg.profile | 1 + etc/gpicview.profile | 2 +- etc/gpredict.profile | 2 +- etc/gradio.profile | 2 +- etc/gramps.profile | 1 + etc/gthumb.profile | 1 + etc/gtk-update-icon-cache.profile | 2 +- etc/guayadeque.profile | 1 + etc/gucharmap.profile | 2 +- etc/gwenview.profile | 2 +- etc/gzip.profile | 1 + etc/handbrake.profile | 1 + etc/hashcat.profile | 1 + etc/hedgewars.profile | 1 + etc/hexchat.profile | 1 + etc/highlight.profile | 1 + etc/hugin.profile | 1 + etc/i2prouter.profile | 2 +- etc/i3.profile | 2 ++ etc/idea.sh.profile | 1 + etc/imagej.profile | 1 + etc/img2txt.profile | 1 + etc/inkscape.profile | 1 + etc/itch.profile | 1 + etc/jd-gui.profile | 1 + etc/jerry.profile | 2 +- etc/jitsi.profile | 1 + etc/k3b.profile | 1 + etc/kaffeine.profile | 1 + etc/kalgebra.profile | 2 +- etc/kate.profile | 2 +- etc/kcalc.profile | 1 + etc/kdeinit4.profile | 1 + etc/kdenlive.profile | 2 +- etc/keepass.profile | 1 + etc/keepassx.profile | 2 +- etc/keepassxc.profile | 2 +- etc/kfind.profile | 1 + etc/kget.profile | 1 + etc/kid3.profile | 2 +- etc/kino.profile | 1 + etc/kiwix-desktop.profile | 2 +- etc/klatexformula.profile | 1 + etc/klavaro.profile | 2 +- etc/kmail.profile | 1 + etc/kodi.profile | 1 + etc/konversation.profile | 1 + etc/kopete.profile | 1 + etc/krita.profile | 1 + etc/krunner.profile | 1 + etc/ktorrent.profile | 1 + etc/ktouch.profile | 2 +- etc/kwin_x11.profile | 2 +- etc/kwrite.profile | 2 +- etc/leafpad.profile | 1 + etc/less.profile | 1 + etc/libreoffice.profile | 1 + etc/liferea.profile | 1 + etc/lincity-ng.profile | 1 + etc/links.profile | 3 +-- etc/linphone.profile | 1 + etc/lmms.profile | 1 + etc/lollypop.profile | 2 +- etc/lugaru.profile | 1 + etc/luminance-hdr.profile | 1 + etc/lximage-qt.profile | 1 + etc/lxmusic.profile | 1 + etc/lynx.profile | 2 +- etc/macrofusion.profile | 1 + etc/makepkg.profile | 1 + etc/manaplus.profile | 1 + etc/masterpdfeditor.profile | 2 +- etc/mate-calc.profile | 2 +- etc/mate-color-select.profile | 2 +- 
etc/mate-dictionary.profile | 2 +- etc/mcabber.profile | 2 +- etc/mediainfo.profile | 2 +- etc/mediathekview.profile | 1 + etc/megaglest.profile | 1 + etc/meld.profile | 2 +- etc/mendeleydesktop.profile | 1 + etc/meteo-qt.profile | 1 + etc/midori.profile | 1 + etc/minetest.profile | 3 +-- etc/mousepad.profile | 1 + etc/mp3splt-gtk.profile | 2 +- etc/mp3splt.profile | 2 +- etc/mpDris2.profile | 2 +- etc/mpd.profile | 1 + etc/mpg123.profile | 1 + etc/mplayer.profile | 1 + etc/mpsyt.profile | 1 + etc/mpv.profile | 1 + etc/ms-office.profile | 2 +- etc/multimc5.profile | 1 + etc/mumble.profile | 1 + etc/mupdf.profile | 2 +- etc/mupen64plus.profile | 2 ++ etc/musescore.profile | 1 + etc/musixmatch.profile | 2 +- etc/mutt.profile | 1 + etc/mypaint.profile | 2 +- etc/nano.profile | 2 +- etc/natron.profile | 1 + etc/nautilus.profile | 1 + etc/ncdu.profile | 1 + etc/nemo.profile | 2 ++ etc/netactview.profile | 2 +- etc/nethack-vultures.profile | 1 + etc/nethack.profile | 1 + etc/netsurf.profile | 1 + etc/neverball.profile | 1 + etc/newsboat.profile | 2 +- etc/nheko.profile | 1 + etc/nitroshare.profile | 2 +- etc/nomacs.profile | 2 +- etc/nylas.profile | 1 + etc/nyx.profile | 2 +- etc/obs.profile | 1 + etc/ocenaudio.profile | 2 +- etc/odt2txt.profile | 2 +- etc/okular.profile | 2 +- etc/onionshare-gui.profile | 1 + etc/open-invaders.profile | 1 + etc/openarena.profile | 2 +- etc/openbox.profile | 1 + etc/opencity.profile | 1 + etc/openclonk.profile | 1 + etc/openshot.profile | 1 + etc/openttd.profile | 1 + etc/orage.profile | 1 + etc/ostrichriders.profile | 1 + etc/pandoc.profile | 2 +- etc/parole.profile | 2 +- etc/patch.profile | 1 + etc/pavucontrol.profile | 2 +- etc/pcmanfm.profile | 2 ++ etc/pdfchain.profile | 2 +- etc/pdfmod.profile | 1 + etc/pdfsam.profile | 1 + etc/pdftotext.profile | 2 +- etc/peek.profile | 1 + etc/picard.profile | 1 + etc/pidgin.profile | 1 + etc/ping.profile | 3 +-- etc/pingus.profile | 1 + etc/pinta.profile | 1 + etc/pioneer.profile | 1 + 
etc/pithos.profile | 1 + etc/pitivi.profile | 1 + etc/pix.profile | 1 + etc/playonlinux.profile | 2 ++ etc/pluma.profile | 1 + etc/pngquant.profile | 2 +- etc/polari.profile | 1 + etc/ppsspp.profile | 2 +- etc/pragha.profile | 2 +- etc/profanity.profile | 2 +- etc/psi-plus.profile | 1 + etc/pybitmessage.profile | 2 +- etc/pycharm-community.profile | 2 +- etc/qbittorrent.profile | 2 +- etc/qemu-launcher.profile | 1 + etc/qemu-system-x86_64.profile | 1 + etc/qgis.profile | 2 +- etc/qlipper.profile | 1 + etc/qmmp.profile | 1 + etc/qpdfview.profile | 1 + etc/qtox.profile | 2 +- etc/quassel.profile | 1 + etc/quiterss.profile | 2 +- etc/qutebrowser.profile | 2 ++ etc/rambox.profile | 2 ++ etc/ranger.profile | 1 + etc/redeclipse.profile | 1 + etc/redshift.profile | 1 + etc/regextester.profile | 2 +- etc/remmina.profile | 1 + etc/rhythmbox.profile | 1 + etc/ricochet.profile | 2 +- etc/ristretto.profile | 1 + etc/rsync-download_only.profile | 2 +- etc/rtorrent.profile | 1 + etc/sayonara.profile | 1 + etc/scallion.profile | 1 + etc/scorched3d.profile | 1 + etc/scribus.profile | 1 + etc/sdat2img.profile | 1 + etc/seahorse.profile | 2 +- etc/seamonkey.profile | 2 +- etc/shellcheck.profile | 1 + etc/shotcut.profile | 1 + etc/signal-cli.profile | 2 +- etc/signal-desktop.profile | 1 + etc/silentarmy.profile | 1 + etc/simple-scan.profile | 2 +- etc/simplescreenrecorder.profile | 1 + etc/simutrans.profile | 1 + etc/skanlite.profile | 1 + etc/skypeforlinux.profile | 1 + etc/slack.profile | 2 +- etc/slashem.profile | 1 + etc/smplayer.profile | 1 + etc/smtube.profile | 1 + etc/sol.profile | 1 + etc/soundconverter.profile | 1 + etc/spectre-meltdown-checker.profile | 1 + etc/spotify.profile | 3 +-- etc/sqlitebrowser.profile | 2 +- etc/ssh-agent.profile | 2 ++ etc/ssh.profile | 1 + etc/standardnotes-desktop.profile | 2 +- etc/start-tor-browser.profile | 2 +- etc/steam.profile | 3 +-- etc/stellarium.profile | 1 + etc/strings.profile | 2 +- etc/subdownloader.profile | 2 +- 
etc/supertux2.profile | 1 + etc/supertuxkart.profile | 2 +- etc/surf.profile | 2 +- etc/sylpheed.profile | 1 + etc/synfigstudio.profile | 1 + etc/sysprof.profile | 2 +- etc/tar.profile | 2 +- etc/tcpdump.profile | 1 + etc/teams-for-linux.profile | 2 +- etc/teamspeak3.profile | 1 + etc/teeworlds.profile | 1 + etc/telegram.profile | 1 + etc/terasology.profile | 2 +- etc/tilp.profile | 2 +- etc/tor.profile | 2 +- etc/torbrowser-launcher.profile | 2 +- etc/torcs.profile | 1 + etc/totem.profile | 2 +- etc/tracker.profile | 1 + etc/transgui.profile | 2 +- etc/transmission-common.profile | 1 + etc/tremulous.profile | 1 + etc/truecraft.profile | 1 + etc/tshark.profile | 1 + etc/tuxguitar.profile | 1 + etc/udiskie.profile | 2 +- etc/uefitool.profile | 1 + etc/uget-gtk.profile | 1 + etc/unbound.profile | 1 + etc/unf.profile | 2 +- etc/unknown-horizons.profile | 2 +- etc/unrar.profile | 2 +- etc/unzip.profile | 2 +- etc/utox.profile | 2 +- etc/uudeview.profile | 2 +- etc/uzbl-browser.profile | 2 ++ etc/viewnior.profile | 2 +- etc/viking.profile | 1 + etc/vim.profile | 1 + etc/virtualbox.profile | 2 ++ etc/vlc.profile | 1 + etc/vym.profile | 1 + etc/w3m.profile | 2 +- etc/warsow.profile | 1 + etc/warzone2100.profile | 1 + etc/webstorm.profile | 1 + etc/webui-aria2.profile | 1 + etc/weechat.profile | 2 ++ etc/wesnoth.profile | 1 + etc/wget.profile | 2 +- etc/whalebird.profile | 2 +- etc/whois.profile | 2 +- etc/widelands.profile | 1 + etc/wine.profile | 1 + etc/wire-desktop.profile | 2 +- etc/wireshark.profile | 2 +- etc/x-terminal-emulator.profile | 1 + etc/xcalc.profile | 1 + etc/xchat.profile | 1 + etc/xed.profile | 1 + etc/xfburn.profile | 1 + etc/xfce4-dict.profile | 1 + etc/xfce4-mixer.profile | 2 +- etc/xfce4-notes.profile | 1 + etc/xiphos.profile | 2 +- etc/xmms.profile | 1 + etc/xmr-stak.profile | 2 +- etc/xonotic.profile | 2 +- etc/xpdf.profile | 1 + etc/xplayer.profile | 2 +- etc/xpra.profile | 2 +- etc/xreader.profile | 2 +- etc/xviewer.profile | 1 + 
etc/xzdec.profile | 1 + etc/yelp.profile | 2 +- etc/youtube-dl.profile | 2 +- etc/zaproxy.profile | 1 + etc/zart.profile | 1 + etc/zathura.profile | 2 +- etc/zeal.profile | 2 +- etc/zoom.profile | 1 + etc/zstd.profile | 1 + etc/zulip.profile | 2 +- 508 files changed, 526 insertions(+), 203 deletions(-) diff --git a/etc/0ad.profile b/etc/0ad.profile index 8b5820d5e3a..76c95fcf9f0 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile @@ -46,5 +46,6 @@ tracelog disable-mnt private-bin 0ad,pyrogenesis,sh,which private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index 2347039a673..d90a1466d20 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile @@ -39,4 +39,5 @@ shell none disable-mnt private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,drirc,fonts,glvnd,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/7z.profile b/etc/7z.profile index 284aa37a2c8..cf933723913 100644 --- a/etc/7z.profile +++ b/etc/7z.profile @@ -38,5 +38,6 @@ x11 none #private-bin 7z,7z*,p7zip private-cache private-dev +#private-etc alternatives,group,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg memory-deny-write-execute diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index e9cc07bd790..2b2002d7e5b 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile 
@@ -28,4 +28,5 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/Fritzing.profile b/etc/Fritzing.profile index d318da8857a..dd91ed5ba46 100644 --- a/etc/Fritzing.profile +++ b/etc/Fritzing.profile @@ -35,5 +35,6 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/JDownloader.profile b/etc/JDownloader.profile index 1435f34220b..de8f8efa8f5 100644 --- a/etc/JDownloader.profile +++ b/etc/JDownloader.profile @@ -43,5 +43,6 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/Maelstrom.profile b/etc/Maelstrom.profile index cee49111ea0..4ca2296a0ae 100644 --- a/etc/Maelstrom.profile +++ b/etc/Maelstrom.profile 
@@ -40,4 +40,5 @@ disable-mnt private-bin Maelstrom private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index c2734b1c16d..69ba3754764 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile @@ -28,3 +28,5 @@ nonewprivs noroot notv seccomp + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile index b9ddd80c472..147f2dc88a9 100644 --- a/etc/QMediathekView.profile +++ b/etc/QMediathekView.profile @@ -51,6 +51,7 @@ disable-mnt private-bin mplayer,mpv,QMediathekView,smplayer,totem,vlc,xplayer private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/QOwnNotes.profile b/etc/QOwnNotes.profile index 8157cdff405..834dfbda29b 100644 --- a/etc/QOwnNotes.profile +++ b/etc/QOwnNotes.profile 
@@ -49,6 +49,6 @@ tracelog disable-mnt private-bin gio,QOwnNotes private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hosts,ld.so.cache,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/Thunar.profile b/etc/Thunar.profile index 761440ccc8e..edad4d7f2e6 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile @@ -31,3 +31,5 @@ protocol unix seccomp shell none tracelog + +#private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg diff --git a/etc/Viber.profile b/etc/Viber.profile index 925e130de47..96b3b00a843 100644 --- a/etc/Viber.profile +++ b/etc/Viber.profile @@ -33,5 +33,5 @@ shell none disable-mnt private-bin awk,bash,dig,sh,Viber -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11 +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/XMind.profile b/etc/XMind.profile index 7e7c0c3cdbf..40d0cef7fac 100644 --- a/etc/XMind.profile +++ b/etc/XMind.profile 
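Review bot: The replacement `private-etc` line in the QOwnNotes hunk widens a hand-tuned allowlist rather than tightening it: the sandbox now also sees `passwd`, `hostname`, `dbus-1`, `dconf`, `gconf`, `X11` and `ld.so.preload`, none of which were in the reviewed list. The same overwrite of an active list appears in the Viber, Xvfb, anki, aria2c, arm and artha hunks; aria2c, a command-line downloader, ends up with `Trolltech.conf,X11,gtk-2.0,gtk-3.0,pango`. For profiles that already had an active list, I would have the generator emit its line commented out next to the existing one (`#private-etc …`, as in the 0ad hunk) instead of replacing it. That keeps the reviewed list in force until the generated one has been checked per application.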
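Review bot: The regenerated line in the Viber hunk drops `mailcap` and `proxychains.conf`, which were presumably added by hand for a reason. The same loss appears elsewhere: the QOwnNotes hunk drops `pulse`, and the Xvfb hunk drops `gai.conf` together with `hosts`, `host.conf`, `hostname`, `nsswitch.conf` and `resolv.conf`. Because `private-etc` hides every file that is not listed, each dropped name changes what the application can read at runtime. The generator should take the union of the existing entries and the generated ones rather than overwrite, e.g. keep `…,mailcap,…,proxychains.conf,…` in the Viber line.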
@@ -33,6 +33,7 @@ shell none disable-mnt private-bin cp,sh,XMind +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp private-dev diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index ab5fdf942f1..a0f43a6d527 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile @@ -38,5 +38,5 @@ private # private-bin sh,Xephyr,xkbcomp # private-bin bash,cat,ls,sh,strace,Xephyr,xkbcomp private-dev -# private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf +#private-etc alternatives,bumblebee,dbus-1,drirc,glvnd,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,passwd,xdg #private-tmp diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 937d02d6047..201ed6cc3ce 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile @@ -42,5 +42,5 @@ private # private-bin sh,xkbcomp,Xvfb # private-bin bash,cat,ls,sh,strace,xkbcomp,Xvfb private-dev -private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf +private-etc alternatives,bumblebee,dbus-1,drirc,glvnd,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,passwd,xdg private-tmp diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile index ffc613f1ef7..3c082850375 100644 --- a/etc/akonadi_control.profile +++ b/etc/akonadi_control.profile 
@@ -51,5 +51,6 @@ novideo tracelog private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # private-tmp - breaks programs that depend on akonadi diff --git a/etc/akregator.profile b/etc/akregator.profile index 34933f2836d..29736749c08 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile @@ -42,5 +42,6 @@ shell none disable-mnt private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit4,kdeinit4_shutdown,kdeinit4_wrapper,kdeinit5,kdeinit5_shutdown,kdeinit5_wrapper,kshell4,kshell5 private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,fonts,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,tor,xdg private-tmp diff --git a/etc/amarok.profile b/etc/amarok.profile index 0b974e9ace6..17beab229dc 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile @@ -31,5 +31,5 @@ shell none # private-bin amarok private-dev -# private-etc alternatives,asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,ssl +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/amule.profile b/etc/amule.profile index feb4a5e7e57..3f0cdb7d5ff 100644 --- a/etc/amule.profile +++ b/etc/amule.profile 
@@ -38,5 +38,6 @@ shell none private-bin amule private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/android-studio.profile b/etc/android-studio.profile index 2e4e564dd47..8e450b09cf3 100644 --- a/etc/android-studio.profile +++ b/etc/android-studio.profile @@ -35,6 +35,7 @@ seccomp shell none private-cache +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # private-tmp # noexec /tmp breaks 'Android Profiler' diff --git a/etc/anki.profile b/etc/anki.profile index c349376ff79..1d1f7328379 100644 --- a/etc/anki.profile +++ b/etc/anki.profile @@ -50,5 +50,5 @@ disable-mnt private-bin anki,python* private-cache private-dev -private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,machine-id,pki,resolv.conf,ssl,Trolltech.conf +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/anydesk.profile b/etc/anydesk.profile index 35b18bab401..a31588daa02 100644 --- a/etc/anydesk.profile +++ b/etc/anydesk.profile 
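Review bot: The android-studio hunk adds an active `private-etc` line to a profile that had none, whereas most other purely added lines visible in this patch are shipped commented out as `#private-etc`. The list carries no Java entries, while the apktool hunk's list has `java.conf` and the `java-N-openjdk` names, which looks risky for a JVM-based IDE and should be confirmed by actually running it. Until that is tested I would ship it as `#private-etc Trolltech.conf,X11,…` like its neighbours. The apktool and arch-audit hunks add active lines in the same way.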
@@ -32,4 +32,5 @@ shell none disable-mnt private-bin anydesk private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/aosp.profile b/etc/aosp.profile index a5b1ba9f14f..fd3a1b4096b 100644 --- a/etc/aosp.profile +++ b/etc/aosp.profile @@ -39,4 +39,5 @@ protocol unix,inet,inet6 #seccomp shell none +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/apktool.profile b/etc/apktool.profile index aeeb845ea8c..2632dfd75be 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile @@ -34,3 +34,4 @@ shell none private-bin apktool,basename,bash,dirname,expr,java,sh private-cache private-dev +private-etc alternatives,java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg diff --git a/etc/ar.profile b/etc/ar.profile index 6b1fb830c3e..2e9cb97f643 100644 --- a/etc/ar.profile +++ b/etc/ar.profile @@ -39,5 +39,6 @@ x11 none private-bin ar private-cache private-dev +#private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg memory-deny-write-execute diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile index 0a87ec29774..267e2b08e76 100644 --- a/etc/arch-audit.profile +++ b/etc/arch-audit.profile 
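Review bot: The globbing workaround in the apktool hunk hard-codes `java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk`, and the line is active rather than commented out. A host whose OpenJDK configuration directory carries any other version number would get none of it inside the sandbox; whether apktool's JVM then still starts is not visible from the hunk and needs a test. At minimum, add a comment above the line such as `# private-etc cannot glob: extend the java-N-openjdk entries when a new JDK version is packaged`, so the enumeration is not mistaken for a complete list.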
@@ -44,6 +44,7 @@ private private-bin arch-audit private-cache private-dev +private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pacman.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile index 19c37f90ed1..87ecf0c1643 100644 --- a/etc/archaudit-report.profile +++ b/etc/archaudit-report.profile @@ -35,6 +35,7 @@ disable-mnt private private-bin arch-audit,archaudit-report,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds #private-dev +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/ardour5.profile b/etc/ardour5.profile index 5ebeafa7632..ee14b6be4f3 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile @@ -37,6 +37,6 @@ shell none #private-bin ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,ldd,nm,sed,sh private-cache private-dev -#private-etc alternatives,ardour4,ardour5,asound.conf,fonts,machine-id,pulse,X11 +#private-etc Trolltech.conf,X11,alsa,alternatives,ardour4,ardour5,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/arduino.profile b/etc/arduino.profile index fd1ca9a09b5..0aefa3ca854 100644 --- a/etc/arduino.profile +++ b/etc/arduino.profile 
@@ -36,5 +36,6 @@ seccomp shell none private-cache +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/aria2c.profile b/etc/aria2c.profile index 72e577d56e8..70c04b08285 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile @@ -39,7 +39,7 @@ private-bin aria2c,gzip # Uncomment the next line (or put 'private-cache' in your aria2c.local) if you don't use Lutris/winetricks (see issue #2772) #private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-lib libreadline.so.* private-tmp diff --git a/etc/ark.profile b/etc/ark.profile index 2fe546b5572..f56f45646c5 100644 --- a/etc/ark.profile +++ b/etc/ark.profile @@ -37,7 +37,7 @@ seccomp shell none private-bin 7z,ark,bash,lrzip,lsar,lz4,lzop,p7zip,rar,sh,tclsh,unar,unrar,unzip,zip,zipinfo -#private-etc alternatives,drirc,fonts,group,kde5rc,mtab,passwd,samba,smb.conf,xdg +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,drirc,fonts,glvnd,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,samba,smb.conf,xdg private-dev private-tmp diff --git a/etc/arm.profile b/etc/arm.profile index 51dad94d1cb..a5fccca6613 100644 --- a/etc/arm.profile +++ b/etc/arm.profile 
@@ -43,6 +43,6 @@ tracelog disable-mnt private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor private-dev -private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor +private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-tmp diff --git a/etc/artha.profile b/etc/artha.profile index f1d30a415f5..cfe0036b3cc 100644 --- a/etc/artha.profile +++ b/etc/artha.profile @@ -48,7 +48,7 @@ disable-mnt private-bin artha,enchant,notify-send private-cache private-dev -private-etc alternatives,fonts,machine-id +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-lib libnotify.so.* private-tmp diff --git a/etc/assogiate.profile b/etc/assogiate.profile index 542b3da8d3d..ef51272c969 100644 --- a/etc/assogiate.profile +++ b/etc/assogiate.profile @@ -44,6 +44,7 @@ disable-mnt private-bin assogiate,gtk-update-icon-cache,update-mime-database private-cache private-dev +#private-etc X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-lib gnome-vfs-2.0,libacl.so.*,libattr.so.*,libfam.so.* private-tmp diff --git a/etc/asunder.profile b/etc/asunder.profile index 1f3acd73589..d1dec5c769c 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile 
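Review bot: The new enabled list in arm.profile adds `machine-id`, `hostname`, `hosts` and `dbus-1` to a profile whose previous list held only certificate stores, `passwd` and `tor`. `machine-id` and `hostname` are stable host identifiers, and nothing in the hunk shows that this Tor-related tool reads them, so the change looks like generator output rather than a tested requirement. I would leave these four entries out until a failure without them is demonstrated, and add a comment above the line recording which entries were verified as needed.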
@@ -36,6 +36,7 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp # mdwe is disabled due to breaking hardware accelerated decoding diff --git a/etc/atom.profile b/etc/atom.profile index b9cb49d08d1..d33d38907ad 100644 --- a/etc/atom.profile +++ b/etc/atom.profile @@ -35,4 +35,5 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/atool.profile b/etc/atool.profile index fb75c840809..0dd98ca12a7 100644 --- a/etc/atool.profile +++ b/etc/atool.profile @@ -43,8 +43,8 @@ x11 none # private-bin atool,perl private-cache private-dev +private-etc alternatives,atool.conf,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg # without login.defs atool complains and uses UID/GID 1000 by default -private-etc alternatives,group,login.defs,passwd private-tmp memory-deny-write-execute diff --git a/etc/atril.profile b/etc/atril.profile index adca38cb5dc..17d89758c97 100644 --- a/etc/atril.profile +++ b/etc/atril.profile 
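Review bot: The new `private-etc` line in atool.profile omits `login.defs` and `group`, although the comment kept directly below it still says that atool complains and falls back to UID/GID 1000 without `login.defs`. The comment now trails the line it used to introduce, so the file both contradicts itself and reads as if the note belonged to `private-tmp`. The generated list should get `group` and `login.defs` back, and the line should stay below the `# without login.defs ...` comment. bsdtar.profile loses `group` in the same way, and in bitcoin-qt.profile the comment `# Causes problem with loading of libGL.so` is left detached from the commented `private-etc` line it explains.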
@@ -42,7 +42,7 @@ tracelog private-bin atril,atril-previewer,atril-thumbnailer private-dev -private-etc alternatives,fonts,ld.so.cache +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg # atril uses webkit gtk to display epub files # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0 #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit diff --git a/etc/audacious.profile b/etc/audacious.profile index 4d0c9304775..620aa9fc701 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile @@ -38,6 +38,7 @@ tracelog # private-bin audacious private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/audacity.profile b/etc/audacity.profile index 200d3a3871b..b1b2093ad35 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile @@ -39,6 +39,7 @@ tracelog private-bin audacity private-dev +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp memory-deny-write-execute diff --git a/etc/audio-recorder.profile b/etc/audio-recorder.profile index afd1033de8d..2842c6d1e25 100644 --- a/etc/audio-recorder.profile +++ b/etc/audio-recorder.profile 
@@ -45,7 +45,7 @@ x11 none disable-mnt # private-bin audio-recorder private-cache -private-etc alternatives,fonts +private-etc alsa,alternatives,asound.conf,dbus-1,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,passwd,pulse,xdg private-tmp # memory-deny-write-execute - breaks on Arch diff --git a/etc/authenticator.profile b/etc/authenticator.profile index 4887299ec58..15ec459bab8 100644 --- a/etc/authenticator.profile +++ b/etc/authenticator.profile @@ -40,7 +40,7 @@ shell none disable-mnt # private-bin authenticator,python* private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,pki,resolv.conf,ssl +private-etc X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/autokey-common.profile b/etc/autokey-common.profile index b1a77c0a4bf..9bf8a8e3c8f 100644 --- a/etc/autokey-common.profile +++ b/etc/autokey-common.profile @@ -37,6 +37,7 @@ tracelog private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/aweather.profile b/etc/aweather.profile index d7228570f59..7f9df8b943e 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile 
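Review bot: The generated list for authenticator.profile contains `tor`, which the previous hand-written list did not have and which nothing else in the hunk ties to this application. It looks like a false match in the generator (not confirmed from the diff), and it makes the host's Tor configuration directory visible inside the sandbox for no stated reason. The list should end `...,services,ssl,xdg` without the `tor` entry. The same stray entry appears in the enabled lines of cameramonitor.profile and clawsker.profile and in the commented line of baloo_file.profile.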
@@ -36,4 +36,5 @@ tracelog private-bin aweather private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/awesome.profile b/etc/awesome.profile index 5d1bf5071e5..c0307a638a7 100644 --- a/etc/awesome.profile +++ b/etc/awesome.profile @@ -16,4 +16,5 @@ noroot protocol unix,inet,inet6 seccomp +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg read-only ${HOME}/.config/awesome/autorun.sh diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 3cc37739793..388a7ba60eb 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile @@ -5,6 +5,7 @@ include baloo_file.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alternatives,dbus-1,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,tor,xdg # Make home directory read-only and allow writing only to ${HOME}/.local/share # Note: Baloo will not be able to update the "first run" key in its configuration files. # read-only ${HOME} diff --git a/etc/baobab.profile b/etc/baobab.profile index 79d4b23f9e7..2f892d8ec14 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile 
@@ -31,4 +31,5 @@ shell none private-bin baobab private-dev +private-etc X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/bibletime.profile b/etc/bibletime.profile index b76bc83670c..6eb17cab843 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile @@ -52,5 +52,5 @@ disable-mnt # private-bin bibletime,qt5ct private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,sword,sword.conf,xdg private-tmp diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile index ac1e21ba7ab..f686462bfb2 100644 --- a/etc/bitcoin-qt.profile +++ b/etc/bitcoin-qt.profile @@ -42,8 +42,8 @@ tracelog private-bin bitcoin-qt private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,fonts,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # Causes problem with loading of libGL.so -#private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl private-tmp memory-deny-write-execute diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index 62eeb88f3e4..0bc3ae56a4f 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile 
@@ -6,6 +6,7 @@ include bitlbee.local # Persistent global definitions include globals.local +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,group,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg ignore noexec ${HOME} noblacklist /sbin diff --git a/etc/bitwarden.profile b/etc/bitwarden.profile index a5538bacce5..81ca0507a67 100644 --- a/etc/bitwarden.profile +++ b/etc/bitwarden.profile @@ -6,6 +6,7 @@ include bitwarden.local # Persistent global definitions include globals.local +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg ignore noexec /tmp noblacklist ${HOME}/.config/Bitwarden @@ -47,7 +48,6 @@ private-bin bitwarden private-cache ?HAS_APPIMAGE: ignore private-dev private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,nsswitch.conf,pki,resolv.conf,ssl private-opt Bitwarden private-tmp diff --git a/etc/blackbox.profile b/etc/blackbox.profile index 13e83493dbc..fdcecce88d4 100644 --- a/etc/blackbox.profile +++ b/etc/blackbox.profile @@ -16,3 +16,5 @@ noroot protocol unix,inet,inet6 seccomp + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 47c0cfa4823..de52d193d5e 100644 
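Review bot: In bitwarden.profile the enabled `private-etc` line is inserted directly after `include globals.local`, ahead of `ignore noexec /tmp` and the `noblacklist` entries, while the line it replaces is removed from the `private-*` group in the second hunk. Putting the new line back between `private-dev` and `private-opt Bitwarden` keeps the options grouped as in the other profiles and turns the change into a single modified line that is easier to audit. The list also grows from nine entries to more than thirty for a password manager, so it deserves a comment stating which additions were tested. The commented lines added to bitlbee.profile, baloo_file.profile, blender.profile and chromium-common.profile sit in the header area in the same way.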
--- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile @@ -34,6 +34,7 @@ seccomp shell none private-dev +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg # private-tmp # memory-deny-write-execute breaks some systems, see issue #1850 diff --git a/etc/blender.profile b/etc/blender.profile index 6a72fb602a6..7e6b1a1ae0c 100644 --- a/etc/blender.profile +++ b/etc/blender.profile @@ -22,6 +22,7 @@ include disable-programs.inc # Allow usage of AMD GPU by OpenCL noblacklist /sys/module whitelist /sys/module/amdgpu +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg read-only /sys/module/amdgpu caps.drop all diff --git a/etc/bless.profile b/etc/bless.profile index 35235962e1d..54abf449d1f 100644 --- a/etc/bless.profile +++ b/etc/bless.profile @@ -36,6 +36,6 @@ shell none # private-bin bash,bless,mono,sh private-cache private-dev -private-etc alternatives,fonts,mono +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,mono,pango,passwd,xdg private-tmp diff --git a/etc/bluefish.profile b/etc/bluefish.profile index 412088ba99a..81024408c8b 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile @@ -34,5 +34,6 @@ tracelog private-bin bluefish private-dev +#private-etc X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp 
diff --git a/etc/brackets.profile b/etc/brackets.profile index 70f62813eba..dbeeed7e268 100644 --- a/etc/brackets.profile +++ b/etc/brackets.profile @@ -32,3 +32,4 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/brasero.profile b/etc/brasero.profile index 67fc07afb96..1d93a85b939 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile @@ -31,4 +31,5 @@ tracelog # private-bin brasero private-cache # private-dev +#private-etc X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg # private-tmp diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile index 17c67ed263b..4585b485494 100644 --- a/etc/bsdtar.profile +++ b/etc/bsdtar.profile @@ -39,6 +39,6 @@ x11 none private-bin bash,bsdcat,bsdcpio,bsdtar,bzip2,compress,gtar,gzip,lbzip2,libarchive,lz4,lzip,lzma,lzop,sh,xz private-cache private-dev -private-etc alternatives,group,localtime,passwd +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg memory-deny-write-execute diff --git a/etc/bzflag.profile b/etc/bzflag.profile index 86ab73e0b76..c0fc970ae1e 100644 --- a/etc/bzflag.profile +++ b/etc/bzflag.profile 
@@ -41,4 +41,5 @@ disable-mnt private-bin bzadmin,bzflag,bzflag-wrapper,bzfs private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/caja.profile b/etc/caja.profile index 7bf901ae363..35dbe5cb53a 100644 --- a/etc/caja.profile +++ b/etc/caja.profile @@ -40,4 +40,5 @@ tracelog # caja needs to be able to start arbitrary applications so we cannot blacklist their files # private-bin caja # private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,prelink.conf.d,pulse,xdg # private-tmp diff --git a/etc/calibre.profile b/etc/calibre.profile index ad6f0aa0d0f..ddcadbf3e41 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile @@ -34,4 +34,5 @@ seccomp !chroot shell none private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/calligra.profile b/etc/calligra.profile index 7054739c89a..ffaed2fa667 100644 --- a/etc/calligra.profile +++ b/etc/calligra.profile 
@@ -30,6 +30,7 @@ shell none private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch,kbuildsycoca4,kdeinit4 private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dbus-1,drirc,fonts,glvnd,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg # noexec ${HOME} noexec /tmp diff --git a/etc/cameramonitor.profile b/etc/cameramonitor.profile index 1d7aa0f9ce2..183585b92e3 100644 --- a/etc/cameramonitor.profile +++ b/etc/cameramonitor.profile @@ -47,7 +47,7 @@ tracelog disable-mnt private-bin cameramonitor,python* private-cache -private-etc alternatives,fonts +private-etc alternatives,dbus-1,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,passwd,tor,xdg private-tmp # memory-deny-write-execute - breaks on Arch diff --git a/etc/cantata.profile b/etc/cantata.profile index c44d56b909f..3914fc83dfb 100644 --- a/etc/cantata.profile +++ b/etc/cantata.profile @@ -34,6 +34,6 @@ protocol unix,inet,inet6,netlink seccomp shell none -# private-etc drirc,fonts,gcrypt,hosts,kde5rc,mpd.conf,passwd,samba,ssl,xdg +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,group,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-bin cantata,mpd,perl private-dev diff --git a/etc/catfish.profile b/etc/catfish.profile index c6c2d7e8aee..5aacd41b087 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile 
@@ -44,4 +44,5 @@ tracelog # a users wants to search in these directories. # private-bin bash,catfish,env,locate,ls,mlocate,python* # private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg # private-tmp diff --git a/etc/celluloid.profile b/etc/celluloid.profile index 6b7db6b44ac..199e52b2188 100644 --- a/etc/celluloid.profile +++ b/etc/celluloid.profile @@ -41,7 +41,7 @@ tracelog private-bin celluloid,env,gnome-mpv,python*,youtube-dl private-cache -private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg +private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-dev private-tmp diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile index c66776b9f5f..dd11e4c7139 100644 --- a/etc/checkbashisms.profile +++ b/etc/checkbashisms.profile @@ -46,6 +46,7 @@ x11 none private-cache private-dev +#private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-lib libfreebl3.so,perl* private-tmp diff --git a/etc/cheese.profile b/etc/cheese.profile index 6339282606e..730a8f3237a 100644 --- a/etc/cheese.profile +++ b/etc/cheese.profile 
@@ -41,5 +41,5 @@ tracelog disable-mnt private-bin cheese private-cache -private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0 +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 70dea5bd929..d3b777c41f0 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile @@ -39,5 +39,6 @@ tracelog private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile index 7b88e417adc..3470f3f8195 100644 --- a/etc/chromium-common.profile +++ b/etc/chromium-common.profile @@ -6,6 +6,7 @@ include chromium-common.local # added by caller profile #include globals.local +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # noexec ${HOME} breaks DRM binaries. ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} diff --git a/etc/cin.profile b/etc/cin.profile index efeb9cd147e..b8040d143b0 100644 --- a/etc/cin.profile +++ b/etc/cin.profile 
@@ -33,4 +33,5 @@ shell none #private-bin cin,ffmpeg private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg diff --git a/etc/clamav.profile b/etc/clamav.profile index 45e7723ebf7..e7b4b677b0f 100644 --- a/etc/clamav.profile +++ b/etc/clamav.profile @@ -29,6 +29,7 @@ tracelog x11 none private-dev +#private-etc alternatives,clamav,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg read-only ${HOME} memory-deny-write-execute diff --git a/etc/clamtk.profile b/etc/clamtk.profile index bc09808cbad..6ac2124983d 100644 --- a/etc/clamtk.profile +++ b/etc/clamtk.profile @@ -25,3 +25,4 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index 33c0a3369f3..3cff9593315 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile @@ -38,6 +38,7 @@ shell none private-cache private-dev +#private-etc X11,alternatives,ca-certificates,certs,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,shadow,ssl,xdg private-tmp # If you want to read local mail stored in /var/mail, add the following to claws-mail.local: diff --git a/etc/clawsker.profile b/etc/clawsker.profile index 486b022ed13..50e23ef6138 100644 --- a/etc/clawsker.profile +++ b/etc/clawsker.profile 
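Review bot: The generated list for claws-mail.profile names `shadow`, the file that holds local password hashes, alongside `certs` and `mailcap`. The line is commented out, but it is the template a user will uncomment, and a mail client has no evident need for that file inside its sandbox. I would remove the `shadow` entry so the list reads `...,rpc,services,ssl,xdg`, and check why the generator emitted it before the same rule is applied to other profiles.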
@@ -45,7 +45,7 @@ disable-mnt private-bin bash,clawsker,perl,sh,which private-cache private-dev -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,tor,xdg private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl* private-tmp diff --git a/etc/clementine.profile b/etc/clementine.profile index 4d92157d032..28e00487b74 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile @@ -30,4 +30,5 @@ protocol unix,inet,inet6 seccomp !ioprio_set private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/clion.profile b/etc/clion.profile index b27d93684da..907d0649eda 100644 --- a/etc/clion.profile +++ b/etc/clion.profile @@ -33,6 +33,7 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # private-tmp noexec /tmp diff --git a/etc/clipit.profile b/etc/clipit.profile index 66b5fc85901..2d7fc8a45fd 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile 
@@ -46,5 +46,6 @@ shell none disable-mnt private-cache private-dev +#private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/cmus.profile b/etc/cmus.profile index 7e12a06de66..c797f18828e 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile @@ -27,4 +27,4 @@ seccomp shell none private-bin cmus -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,machine-id,pki,pulse,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/code.profile b/etc/code.profile index 6f8a25211c0..9fd9f75f641 100644 --- a/etc/code.profile +++ b/etc/code.profile @@ -33,6 +33,7 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp # Disabling noexec ${HOME} for now since it will diff --git a/etc/conkeror.profile b/etc/conkeror.profile index 38edf0d212e..3be5ce8af0a 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile 
@@ -34,3 +34,4 @@ protocol unix,inet,inet6 seccomp disable-mnt +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/conky.profile b/etc/conky.profile index 78f92720f44..53fe917d617 100644 --- a/etc/conky.profile +++ b/etc/conky.profile @@ -37,6 +37,7 @@ shell none disable-mnt private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/corebird.profile b/etc/corebird.profile index dbb043c17d5..3b3a42e2c16 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile @@ -33,5 +33,6 @@ shell none private-bin corebird private-dev +#private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/cower.profile b/etc/cower.profile index 8efe48240c1..2fd3cb1f6b5 100644 --- a/etc/cower.profile +++ b/etc/cower.profile 
@@ -42,6 +42,7 @@ disable-mnt private-bin cower private-cache private-dev +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/cpio.profile b/etc/cpio.profile index 17a76570000..9d1ba6402c5 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile @@ -38,5 +38,6 @@ x11 none private-cache private-dev +#private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,rmt,xdg memory-deny-write-execute diff --git a/etc/crawl.profile b/etc/crawl.profile index af78ac73820..abcd519410b 100644 --- a/etc/crawl.profile +++ b/etc/crawl.profile @@ -42,4 +42,5 @@ disable-mnt private-bin crawl,crawl-tiles private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/crow.profile b/etc/crow.profile index 755b6e9f8e5..0c90cd138de 100644 --- a/etc/crow.profile +++ b/etc/crow.profile @@ -38,7 +38,7 @@ shell none disable-mnt private-bin crow private-dev -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-opt none private-tmp private-srv none diff --git a/etc/curl.profile b/etc/curl.profile index 2624e5545bb..9fa3fab9e61 100644 
--- a/etc/curl.profile +++ b/etc/curl.profile @@ -37,5 +37,5 @@ shell none # private-bin curl private-cache private-dev -# private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl +#private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/d-feet.profile b/etc/d-feet.profile index 897bf5f5dcb..b1ab7eb1a3f 100644 --- a/etc/d-feet.profile +++ b/etc/d-feet.profile @@ -48,7 +48,7 @@ disable-mnt private-bin d-feet,python* private-cache private-dev -private-etc alternatives,dbus-1,fonts,machine-id +private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/darktable.profile b/etc/darktable.profile index 2a71ad11ca8..033b9fad196 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile @@ -34,5 +34,6 @@ shell none #private-bin darktable private-dev +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/dconf-editor.profile b/etc/dconf-editor.profile index f9300268fb5..37ba61a5077 100644 --- a/etc/dconf-editor.profile +++ b/etc/dconf-editor.profile 
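Review bot: The `private-etc` line added to etc/darktable.profile is active, whereas most lines this patch generates are added commented out as `#private-etc …`. The same applies to the new lines in etc/dex2jar.profile and etc/epiphany.profile. In etc/dino.profile the patch replaces a line that was commented out with the remark `-- breaks server connection`, so it both enables the option and drops the record of the breakage. Because private-etc is an allowlist for the sandbox's /etc, I would add all of these as `#private-etc …` until each has been tested, and keep dino's remark next to its line.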
@@ -39,6 +39,6 @@ disable-mnt private-bin dconf-editor private-cache private-dev -private-etc alternatives,dconf,fonts,gtk-3.0,machine-id +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,tor,xdg private-lib private-tmp diff --git a/etc/dconf.profile b/etc/dconf.profile index ebb362fb69e..643957141fc 100644 --- a/etc/dconf.profile +++ b/etc/dconf.profile @@ -43,7 +43,7 @@ disable-mnt private-bin dconf,gsettings private-cache private-dev -private-etc alternatives,dconf +private-etc alternatives,dbus-1,dconf,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,passwd,xdg private-lib private-tmp diff --git a/etc/ddgtk.profile b/etc/ddgtk.profile index ef65046e140..1ccfd3030b1 100644 --- a/etc/ddgtk.profile +++ b/etc/ddgtk.profile @@ -48,7 +48,7 @@ x11 none disable-mnt private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr private-cache -private-etc alternatives,fonts +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp # memory-deny-write-execute - breaks on Arch diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 8e67d9daae1..bf0af75176e 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile @@ -31,5 +31,6 @@ seccomp shell none private-dev +#private-etc X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/deluge.profile b/etc/deluge.profile index 8f4f9fbe9db..22f18c67549 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile 
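Review bot: The generated list for etc/dconf-editor.profile contains `tor`, which makes the Tor configuration under /etc visible to a settings editor that has no apparent reason to read it. The same entry appears in etc/eo-common.profile and etc/exfalso.profile, and etc/discord-common.profile gains `sword,sword.conf`. These look like false matches from the generator rather than real requirements, though that is inferred because the generator is not part of this patch. Since private-etc exists to narrow what the sandbox sees, I would drop the unrelated names from these four lines and check the generator's matching rule before regenerating.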
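Review bot: The replacement line in etc/ddgtk.profile no longer lists `fonts`, which the hand-written line it replaces did allow. Other replaced lines lose entries in the same way: `ssl` in devhelp, `group` and `login.defs` in discord-common, `group` in easystroke and exfalso, `group` and `machine-id` in evince, `pkcs11` in ffmpeg, `magic.mgc` in file, and `fonts` in flameshot. Anything absent from a private-etc list is missing inside the sandbox, so these may be functional regressions unless the entries were shown to be unneeded. I would have the generator merge its output with the existing list instead of overwriting it, which here means keeping `fonts`.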
@@ -41,4 +41,5 @@ shell none # deluge is using python on Debian private-bin deluge,deluge-console,deluge-gtk,deluge-web,deluged,python*,sh,uname private-dev +#private-etc X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/devhelp.profile b/etc/devhelp.profile index 5c193583590..4100ac50be6 100644 --- a/etc/devhelp.profile +++ b/etc/devhelp.profile @@ -40,7 +40,7 @@ disable-mnt private-bin devhelp private-cache private-dev -private-etc alternatives,dconf,fonts,ld.so.cache,machine-id,ssl +private-etc X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/devilspie.profile b/etc/devilspie.profile index ad891ffaf01..f400c948081 100644 --- a/etc/devilspie.profile +++ b/etc/devilspie.profile @@ -46,7 +46,7 @@ disable-mnt private-bin devilspie private-cache private-dev -private-etc alternatives +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-lib gconv private-tmp diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile index f2bacda9a91..c20be0d647c 100644 --- a/etc/devilspie2.profile +++ b/etc/devilspie2.profile 
@@ -49,7 +49,7 @@ disable-mnt private-bin devilspie2 private-cache private-dev -private-etc alternatives +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-lib gconv private-tmp diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index e5f37b06a74..c64db9ecc20 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile @@ -38,4 +38,5 @@ shell none private-bin bash,dex2jar,dirname,expr,grep,java,ls,sh,uname private-cache private-dev +private-etc alternatives,java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg diff --git a/etc/dia.profile b/etc/dia.profile index bd79797b7bc..1e1ffe0f8ea 100644 --- a/etc/dia.profile +++ b/etc/dia.profile @@ -39,5 +39,6 @@ disable-mnt #private-bin dia private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/dig.profile b/etc/dig.profile index af71ff17f03..6829a7117ab 100644 --- a/etc/dig.profile +++ b/etc/dig.profile @@ -46,6 +46,7 @@ private private-bin bash,dig,sh private-cache private-dev +#private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,trusted-key.key,xdg # Uncomment the next line (or put 'private-lib' in your dig.local) on non Debian/Ubuntu OS (see issue #3038) #private-lib private-tmp diff --git a/etc/digikam.profile b/etc/digikam.profile index 1b80981f757..918f7c7e5b1 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile 
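Review bot: The active line added to etc/dex2jar.profile spells out `java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk` as the workaround for private-etc not supporting globs. A host whose JDK configuration lives under a differently named directory, such as a newer or vendor-specific JDK, would get no Java configuration inside the sandbox. I would leave the line commented out until that is checked, and add a comment above it such as `# private-etc has no globbing: extend the java-N-openjdk entries when a new JDK is packaged`.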
@@ -36,5 +36,5 @@ seccomp shell none # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device -# private-etc alternatives,ca-certificates,crypto-policies,pki,ssl +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/dillo.profile b/etc/dillo.profile index 7103d02852b..41b82a3e106 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile @@ -34,4 +34,5 @@ seccomp tracelog private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,dillo,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/dino.profile b/etc/dino.profile index 82ddf2819f8..7024970d89c 100644 --- a/etc/dino.profile +++ b/etc/dino.profile @@ -38,6 +38,6 @@ shell none disable-mnt private-bin dino private-dev -# private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl -- breaks server connection +private-etc X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/discord-common.profile b/etc/discord-common.profile index a6e7309379d..66228cb6814 100644 --- a/etc/discord-common.profile +++ b/etc/discord-common.profile 
@@ -29,7 +29,7 @@ seccomp private-bin bash,cut,echo,egrep,grep,head,sed,sh,tr,xdg-mime,xdg-open,zsh private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,sword,sword.conf,xdg private-tmp noexec /tmp diff --git a/etc/display.profile b/etc/display.profile index 9e976c11adc..b2278f03439 100644 --- a/etc/display.profile +++ b/etc/display.profile @@ -39,6 +39,6 @@ shell none private-bin display,python* private-dev +private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg # On Debian-based systems, display is a symlink in /etc/alternatives -private-etc alternatives private-tmp diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index d0430d5ca52..c4f11f454b5 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile @@ -39,6 +39,7 @@ disable-mnt private private-cache private-dev +#private-etc alternatives,ca-certificates,crypto-policies,dnscrypt-proxy,group,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # mdwe can break modules/plugins memory-deny-write-execute diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index dfb1b61c116..aed92279375 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile 
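Review bot: In etc/display.profile the comment `# On Debian-based systems, display is a symlink in /etc/alternatives` is left behind after the `private-etc alternatives` line it explained is removed. It now sits directly above `private-tmp` and reads as if it described that line. I would move the new `private-etc` line below the comment so the explanation for `alternatives` stays attached to it.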
@@ -34,3 +34,4 @@ disable-mnt private private-cache private-dev +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,default,dnsmasq.conf,dnsmasq.conf.d,dnsmasq.d,ethers,group,hosts,host.conf,hostname,hosts,insserv.conf.d,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,resolvconf,rpc,services,ssl,xdg diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 0e5a6e6feab..8aaecd468b0 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile @@ -34,6 +34,7 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # private-tmp join-or-start dolphin diff --git a/etc/dooble.profile b/etc/dooble.profile index bc197b22316..6bdc03c7474 100644 --- a/etc/dooble.profile +++ b/etc/dooble.profile @@ -37,5 +37,6 @@ tracelog disable-mnt private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/dosbox.profile b/etc/dosbox.profile index 17ccc9b9a5e..f6123f7395d 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile 
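Review bot: The generated list in etc/dnsmasq.profile names `hosts` twice (`hosts,host.conf,hostname,hosts`). The line is commented out, so nothing breaks today, but the duplicate suggests the generator concatenates groups of entries without de-duplicating. I would de-duplicate its output before the line is written, so that enabling it later does not carry the noise into an active rule.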
@@ -34,4 +34,5 @@ tracelog private-bin dosbox private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/dragon.profile b/etc/dragon.profile index df839cc4733..a232d1e12ea 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile @@ -36,5 +36,6 @@ shell none private-bin dragon private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/drawio.profile b/etc/drawio.profile index d4fd735a12c..275f503d750 100644 --- a/etc/drawio.profile +++ b/etc/drawio.profile @@ -45,7 +45,7 @@ shell none private-bin drawio private-cache private-dev -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp # memory-deny-write-execute - breaks on Arch diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 1b242d42276..f2dae2555e1 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile 
@@ -41,6 +41,7 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp noexec /tmp diff --git a/etc/easystroke.profile b/etc/easystroke.profile index 623a4cadc4a..120f7d3098b 100644 --- a/etc/easystroke.profile +++ b/etc/easystroke.profile @@ -41,7 +41,7 @@ disable-mnt #private-bin bash,easystroke,sh private-cache private-dev -private-etc alternatives,fonts,group,passwd +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg # breaks custom shell command functionality #private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* private-tmp diff --git a/etc/electron-mail.profile b/etc/electron-mail.profile index bde8978df5d..aab2d9c2297 100644 --- a/etc/electron-mail.profile +++ b/etc/electron-mail.profile @@ -45,7 +45,7 @@ shell none private-bin electron-mail private-cache private-dev -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-opt ElectronMail private-tmp diff --git a/etc/electron.profile b/etc/electron.profile index c24100f1778..652ae4cb9d2 100644 --- a/etc/electron.profile +++ b/etc/electron.profile 
@@ -23,3 +23,5 @@ noroot notv protocol unix,inet,inet6,netlink seccomp + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/electrum.profile b/etc/electrum.profile index 42438977fb7..1b54a2fb0e8 100644 --- a/etc/electrum.profile +++ b/etc/electrum.profile @@ -46,6 +46,6 @@ disable-mnt private-bin electrum,python* private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,machine-id,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/elinks.profile b/etc/elinks.profile index 94f4179c791..f06e7c07945 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile @@ -36,5 +36,5 @@ tracelog # private-bin elinks private-cache private-dev -# private-etc alternatives,ca-certificates,crypto-policies,pki,ssl +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/emacs.profile b/etc/emacs.profile index ab378105ed1..f52dfbc4a6f 100644 --- a/etc/emacs.profile +++ b/etc/emacs.profile 
@@ -29,3 +29,5 @@ notv novideo protocol unix,inet,inet6 seccomp + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/empathy.profile b/etc/empathy.profile index 5ca640d306b..3a6ffeebe70 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile @@ -23,4 +23,5 @@ protocol unix,inet,inet6 seccomp private-cache +#private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/enchant.profile b/etc/enchant.profile index d276cec848c..c5fde2f93e1 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile @@ -42,7 +42,7 @@ x11 none private-bin enchant,enchant-* private-cache private-dev -private-etc alternatives +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-lib private-tmp diff --git a/etc/engrampa.profile b/etc/engrampa.profile index aaf3e338215..de8587b6fac 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile @@ -35,6 +35,7 @@ tracelog # private-bin engrampa private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg # private-tmp memory-deny-write-execute diff --git a/etc/enpass.profile b/etc/enpass.profile index 68113e29415..106f56049cf 100644 
--- a/etc/enpass.profile +++ b/etc/enpass.profile @@ -55,6 +55,7 @@ tracelog private-bin dirname,Enpass,importer_enpass,readlink,sh ?HAS_APPIMAGE: ignore private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-dev private-opt Enpass private-tmp diff --git a/etc/eo-common.profile b/etc/eo-common.profile index 13f498c032d..ef0fe53e536 100644 --- a/etc/eo-common.profile +++ b/etc/eo-common.profile @@ -41,6 +41,6 @@ tracelog private-cache private-dev -private-etc alternatives,dconf,fonts,gtk-3.0 +private-etc X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* private-tmp diff --git a/etc/epiphany.profile b/etc/epiphany.profile index 225811226fa..8a60c4d570a 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile @@ -34,3 +34,5 @@ nonewprivs notv protocol unix,inet,inet6 seccomp + +private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/etr.profile b/etc/etr.profile index 97a43bb590e..6d0528788a3 100644 --- a/etc/etr.profile +++ b/etc/etr.profile 
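Review bot: In etc/enpass.profile the new `#private-etc …` comment is inserted between `?HAS_APPIMAGE: ignore private-dev` and the `private-dev` line that conditional refers to, which separates the pair. I would place the generated line after `private-dev`, next to `private-opt Enpass`, so the conditional stays directly above the option it governs.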
@@ -40,5 +40,5 @@ disable-mnt private-bin etr private-cache private-dev -# private-etc alternatives,drirc,machine-id,openal +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/evince.profile b/etc/evince.profile index 0ace1dc3ed4..53398d665ab 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -46,7 +46,7 @@ tracelog private-bin evince,evince-previewer,evince-thumbnailer private-cache private-dev -private-etc alternatives,fonts,group,machine-id,passwd +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg # private-lib might break two-page-view on some systems private-lib evince,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* private-tmp diff --git a/etc/evolution.profile b/etc/evolution.profile index 71a7a5600d9..0048234e376 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile @@ -40,5 +40,6 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/exfalso.profile b/etc/exfalso.profile index 7d91f2854e8..77056f732f9 100644 --- a/etc/exfalso.profile +++ b/etc/exfalso.profile 
@@ -50,7 +50,7 @@ shell none private-bin exfalso,python* private-cache private-dev -private-etc alternatives,fonts,group,passwd +private-etc X11,alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-lib libatk-1.0.so.*,libgdk-3.so.*,libgdk_pixbuf-2.0.so.*,libgirepository-1.0.so.*,libgstreamer-1.0.so.*,libgtk-3.so.*,libgtksourceview-3.0.so.*,libpango-1.0.so.*,libpython*,libreadline.so.*,libsoup-2.4.so.*,libssl.so.1.*,python2*,python3* private-tmp diff --git a/etc/exiftool.profile b/etc/exiftool.profile index e455d32c7cc..134585b55f2 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile @@ -45,7 +45,7 @@ x11 none #private-bin exiftool,perl private-cache private-dev -private-etc alternatives +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/falkon.profile b/etc/falkon.profile index 0024b6660bd..08712a1066e 100644 --- a/etc/falkon.profile +++ b/etc/falkon.profile @@ -38,6 +38,6 @@ seccomp !chroot # tracelog private-dev -# private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # private-tmp - interferes with the opening of downloaded files 
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 701f14dce5c..40c10aab464 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile @@ -33,4 +33,5 @@ shell none private-bin fbreader,FBReader private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/feedreader.profile b/etc/feedreader.profile index c12ab23992d..6566bf9b0e7 100644 --- a/etc/feedreader.profile +++ b/etc/feedreader.profile @@ -43,5 +43,6 @@ shell none disable-mnt private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/feh.profile b/etc/feh.profile index 6a8071c28be..cda59f23272 100644 --- a/etc/feh.profile +++ b/etc/feh.profile @@ -37,5 +37,5 @@ shell none private-bin feh,jpegexiforient,jpegtran private-cache private-dev -private-etc alternatives,feh +private-etc Trolltech.conf,X11,alternatives,dconf,feh,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile index d64fe830fd2..f70fb047982 100644 --- a/etc/fetchmail.profile +++ b/etc/fetchmail.profile 
@@ -32,3 +32,4 @@ shell none #private-bin bash,chmod,fetchmail,procmail private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,default,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,logcheck,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,ppp,protocols,resolv.conf,resolvconf,rpc,services,ssl,xdg diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index 67c0ed31158..8c905d5c17f 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile @@ -47,7 +47,7 @@ tracelog private-bin ffmpeg private-cache private-dev -private-etc alternatives,ca-certificates,hosts,pkcs11,pki,resolv.conf,ssl +private-etc alternatives,bumblebee,ca-certificates,crypto-policies,drirc,ffserver.conf,glvnd,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp # memory-deny-write-execute - it breaks old versions of ffmpeg diff --git a/etc/file-roller.profile b/etc/file-roller.profile index 5251ecd46c9..da37c0c8750 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile @@ -38,4 +38,5 @@ tracelog # private-bin file-roller private-dev +#private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg # private-tmp diff --git a/etc/file.profile b/etc/file.profile index 37c7ee9e7d1..0f27b1d549b 100644 --- a/etc/file.profile +++ b/etc/file.profile 
@@ -36,7 +36,7 @@ x11 none #private-bin bzip2,file,gzip,lrzip,lz4,lzip,xz,zstd private-cache private-dev -private-etc alternatives,localtime,magic,magic.mgc +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,magic,mime.types,passwd,xdg private-lib file,libarchive.so.*,libfakeroot,libmagic.so.* memory-deny-write-execute diff --git a/etc/filezilla.profile b/etc/filezilla.profile index d8d4c1746c0..7eba50ff0e5 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile @@ -35,4 +35,5 @@ shell none # private-bin breaks --join if the user has zsh set as $SHELL - adding zsh on private-bin private-bin bash,filezilla,fzputtygen,fzsftp,lsb_release,python*,sh,uname,zsh private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 7777d07ce21..11f1f96fb91 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile @@ -6,6 +6,7 @@ include firefox-common.local # added by caller profile #include globals.local +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # noexec ${HOME} breaks DRM binaries. ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} 
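Review bot: The generated `#private-etc …` line in etc/firefox-common.profile is placed at the top of the file, right after `#include globals.local`, instead of beside `private-dev` and `private-tmp` where the previous commented list lived. The next hunk deletes that old list together with its caveat `# private-etc below works fine on most distributions. There are some problems on CentOS.`, and the new list no longer has `group`, `mailcap` or `selinux`. I would keep the line in the private-* group near the end of the file and carry the CentOS caveat over to it, so anyone who enables it knows about the reported problem.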
@@ -53,6 +54,4 @@ shell none disable-mnt private-dev -# private-etc below works fine on most distributions. There are some problems on CentOS. -#private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-tmp diff --git a/etc/flameshot.profile b/etc/flameshot.profile index 3aad9723bab..03d0d2ab19f 100644 --- a/etc/flameshot.profile +++ b/etc/flameshot.profile @@ -37,7 +37,7 @@ shell none disable-mnt private-bin flameshot private-cache -private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,pki,resolv.conf,ssl +private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-dev private-tmp diff --git a/etc/flowblade.profile b/etc/flowblade.profile index 40472ab931a..736c28e6505 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile @@ -34,5 +34,6 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/fluxbox.profile b/etc/fluxbox.profile index c296c049194..240ae04ee56 100644 --- a/etc/fluxbox.profile +++ b/etc/fluxbox.profile 
@@ -16,3 +16,5 @@ noroot protocol unix,inet,inet6 seccomp + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/font-manager.profile b/etc/font-manager.profile index 064df38d770..19aa2903b89 100644 --- a/etc/font-manager.profile +++ b/etc/font-manager.profile @@ -50,6 +50,7 @@ tracelog disable-mnt private-bin font-manager,python*,yelp private-dev +#private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/fontforge.profile b/etc/fontforge.profile index 6d305e2af6d..fbc998ea6d6 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile @@ -37,5 +37,6 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/franz.profile b/etc/franz.profile index 344804ca92d..53a2186f01a 100644 --- a/etc/franz.profile +++ b/etc/franz.profile 
@@ -5,6 +5,7 @@ include franz.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg ignore noexec /tmp noblacklist ${HOME}/.cache/Franz diff --git a/etc/freecad.profile b/etc/freecad.profile index 079c85fb12a..017f711a6c9 100644 --- a/etc/freecad.profile +++ b/etc/freecad.profile @@ -36,5 +36,6 @@ shell none private-bin freecad,freecadcmd private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/freeciv.profile b/etc/freeciv.profile index fa115d3258d..2bb585222db 100644 --- a/etc/freeciv.profile +++ b/etc/freeciv.profile @@ -41,4 +41,5 @@ disable-mnt private-bin freeciv-gtk3,freeciv-manual,freeciv-mp-gtk3,freeciv-server private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/freecol.profile b/etc/freecol.profile index baeb4c528f0..2cc272ca47f 100644 --- a/etc/freecol.profile +++ b/etc/freecol.profile 
@@ -53,4 +53,5 @@ tracelog disable-mnt private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/freemind.profile b/etc/freemind.profile index ba945c0fb5d..a07f4263f43 100644 --- a/etc/freemind.profile +++ b/etc/freemind.profile @@ -45,7 +45,7 @@ disable-mnt private-bin bash,cp,dirname,dpkg,echo,freemind,grep,java,lsb_release,mkdir,readlink,rpm,sed,sh,uname,which private-cache private-dev -#private-etc alternatives,fonts,java +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp private-opt none private-srv none diff --git a/etc/freeoffice-planmaker.profile b/etc/freeoffice-planmaker.profile index 8a53c63e321..84166aca3be 100644 --- a/etc/freeoffice-planmaker.profile +++ b/etc/freeoffice-planmaker.profile @@ -35,4 +35,5 @@ tracelog private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/freeoffice-presentations.profile b/etc/freeoffice-presentations.profile index 63be4da7f7f..c54f5bd4583 100644 
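Review bot: The `java` entry in etc/freemind.profile is replaced by `java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk`, an enumeration that stops at JDK 10 and cannot match a newer `java-N-openjdk` directory. The line is still commented out, so nothing breaks today, but anyone enabling it on a system with a later JDK would likely get a sandbox without its Java configuration. The commit message calls this a workaround for private-etc's lack of globbing, so say that next to the line, e.g. `# private-etc cannot glob: add the java-N-openjdk directory of the installed JDK`. Also consider keeping the plain `java` entry.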
--- a/etc/freeoffice-presentations.profile +++ b/etc/freeoffice-presentations.profile @@ -35,4 +35,5 @@ tracelog private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/freeoffice-textmaker.profile b/etc/freeoffice-textmaker.profile index 4bca5a98ca1..9046fe2ee1d 100644 --- a/etc/freeoffice-textmaker.profile +++ b/etc/freeoffice-textmaker.profile @@ -35,4 +35,5 @@ tracelog private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/freshclam.profile b/etc/freshclam.profile index 2bab79e2e6b..d73b3093874 100644 --- a/etc/freshclam.profile +++ b/etc/freshclam.profile @@ -28,6 +28,7 @@ disable-mnt private private-cache private-dev +#private-etc alternatives,ca-certificates,clamav,clamd.d,crypto-policies,dbus-1,freshclam.conf,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mail,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,whitelisted_addresses,xdg private-tmp writable-var writable-var-log diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 6cef181c87e..83a9687d874 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile 
@@ -39,4 +39,5 @@ shell none disable-mnt # private-bin frozen-bubble private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/gajim.profile b/etc/gajim.profile index 85d9b9bd99f..7a6af3aad23 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile @@ -49,7 +49,7 @@ tracelog disable-mnt private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python,python3,sh,zsh private-dev -private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl +private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,tor,xdg private-tmp join-or-start gajim diff --git a/etc/galculator.profile b/etc/galculator.profile index f757aed695c..e36bda061fc 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile @@ -43,7 +43,7 @@ tracelog private-bin galculator private-cache private-dev -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,tor,xdg private-lib private-tmp diff --git a/etc/gcloud.profile b/etc/gcloud.profile index 7ca99f42003..c2128c96001 100644 --- a/etc/gcloud.profile +++ b/etc/gcloud.profile 
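Review bot: The new list in etc/galculator.profile contains `tor`, which exposes the host's /etc/tor to a desktop calculator where the old line allowed only `alternatives,fonts`. Nothing visible in this hunk suggests galculator uses Tor, so this looks like a generator false positive. The same `tor` entry appears in the gconf, gfeeds and gnome-calculator hunks, and in gajim just before this one, where it may be intentional. Drop `tor` from these lists unless the profile is shown to need it.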
@@ -5,6 +5,7 @@ include gcloud.local # Persistent global definitions include globals.local +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # noexec ${HOME} will break user-local installs of gcloud tooling ignore noexec ${HOME} @@ -36,5 +37,4 @@ tracelog disable-mnt private-dev -private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,localtime,nsswitch.conf,pki,resolv.conf,ssl private-tmp diff --git a/etc/gconf.profile b/etc/gconf.profile index 2f930235c3f..4e1f4698dd7 100644 --- a/etc/gconf.profile +++ b/etc/gconf.profile @@ -51,7 +51,7 @@ disable-mnt private-bin gconf-editor,gconf-merge-*,gconfpkg,gconftool-2,gsettings-*-convert,python2* private-cache private-dev -private-etc alternatives,fonts,gconf +private-etc alternatives,dbus-1,gconf,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,passwd,tor,xdg private-lib libpython*,python2* private-tmp diff --git a/etc/geany.profile b/etc/geany.profile index 31599e32ab6..3ed6c024236 100644 --- a/etc/geany.profile +++ b/etc/geany.profile @@ -32,4 +32,5 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gedit.profile b/etc/gedit.profile index 83739665450..1ab4cbf1060 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile 
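Review bot: The `private-etc` line that etc/gcloud.profile gains after `include globals.local` adds desktop and audio entries (`Trolltech.conf`, `X11`, `alsa`, `asound.conf`, `pulse`, `gtk-2.0`, `gtk-3.0`, `fonts`) plus `group` and `passwd`. The second hunk removes the ten-entry, network-only list that sat beside `private-dev`. The profile's own comment speaks of "gcloud tooling", which reads as a command-line client, so the GUI entries look like a misclassification by the generator and only enlarge what the sandbox can read. I would keep the removed line where it was and add individual entries only when a failure shows they are needed.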
@@ -42,6 +42,7 @@ tracelog # private-bin gedit private-dev +private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-lib aspell,gconv,gedit,libgspell-1.so.*,libreadline.so.*,libtinfo.so.* private-tmp diff --git a/etc/geekbench.profile b/etc/geekbench.profile index bf9d27788b0..9bdc9dfad33 100644 --- a/etc/geekbench.profile +++ b/etc/geekbench.profile @@ -42,7 +42,7 @@ disable-mnt private-bin bash,geekbenc*,sh private-cache private-dev -private-etc alternatives,group,lsb-release,passwd +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-lib libstdc++.so.* private-opt none private-tmp diff --git a/etc/geeqie.profile b/etc/geeqie.profile index 8810ca1614e..30ed108851b 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile @@ -31,3 +31,4 @@ shell none # private-bin geeqie private-dev +#private-etc X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg diff --git a/etc/gfeeds.profile b/etc/gfeeds.profile index dcb33bc38ad..acfda2043f9 100644 --- a/etc/gfeeds.profile +++ b/etc/gfeeds.profile 
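Review bot: etc/gedit.profile gets an active `private-etc` line where the profile had none, while the generated lines for comparable profiles in this patch (geany, geeqie, file-roller) are added commented out. Turning on an /etc allowlist changes runtime behaviour: anything gedit or its plugins read from /etc that is not listed disappears. Unless this list was tested, add it as `#private-etc ...` like the others. The same applies to the newly active lines in gimp, gitg, gnome-2048, gnome-calculator, gnome-contacts, gnome-font-viewer and gnome-photos.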
@@ -52,5 +52,5 @@ disable-mnt private-bin gfeeds,python3* # private-cache -- feeds are stored in ~/.cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg +private-etc X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-tmp diff --git a/etc/ghostwriter.profile b/etc/ghostwriter.profile index 27becf8feac..6188fbd6de9 100644 --- a/etc/ghostwriter.profile +++ b/etc/ghostwriter.profile @@ -45,6 +45,6 @@ shell none private-bin context,gettext,ghostwriter,latex,mktexfmt,pandoc,pdflatex,pdfroff,prince,weasyprint,wkhtmltopdf private-cache private-dev +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed -private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,texlive,Trolltech.conf,X11,xdg private-tmp 
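Review bot: In etc/ghostwriter.profile the new `private-etc` line is inserted above the comment `# passwd,login.defs,firejail are a temporary workaround for #2877 ...` and the line that comment described is removed, so the comment now sits in front of `private-tmp` and documents nothing. The replacement also drops `firejail`, `login.defs`, `groups` and `texlive`: the first two are the workaround the comment names, and `texlive` is presumably needed by the `latex` and `pdflatex` binaries this profile keeps in `private-bin`. Put the new line below the comment and carry those entries over, or remove the comment once #2877 is confirmed resolved. etc/gnome-latex.profile has the same problem, losing `latexmk.conf,login.defs,texlive` and leaving the comment as the last line of its hunk.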
diff --git a/etc/gimp.profile b/etc/gimp.profile index 5c0631eb2e6..93b47875739 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile @@ -7,6 +7,7 @@ include gimp.local include globals.local # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory +private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,gimp,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg # if you are not using external plugins, you can comment 'ignore noexec' statement below # or put 'noexec ${HOME}' in your gimp.local ignore noexec ${HOME} diff --git a/etc/gist.profile b/etc/gist.profile index 7413238c85d..51eef7f6bf8 100644 --- a/etc/gist.profile +++ b/etc/gist.profile @@ -52,7 +52,7 @@ tracelog disable-mnt private-cache private-dev -private-etc alternatives +private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/git.profile b/etc/git.profile index dbaaefcc439..1a015b23561 100644 --- a/etc/git.profile +++ b/etc/git.profile @@ -53,5 +53,6 @@ shell none private-cache private-dev +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,gitattributes,gitconfig,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg memory-deny-write-execute diff --git a/etc/gitg.profile b/etc/gitg.profile index 56f8e136f55..852ad7a2df6 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile 
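Review bot: The `private-etc` line in etc/gimp.profile lands between `# gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory` and `# if you are not using external plugins, ...`, splitting a comment block that explains the `ignore noexec ${HOME}` line below it. A reader could take the first comment as describing `private-etc`. Move the directive to the profile's other private-* options, which are outside this hunk, so the plugin comment reads as one piece again.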
@@ -42,4 +42,5 @@ tracelog private-bin git,gitg,ssh private-cache private-dev +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/github-desktop.profile b/etc/github-desktop.profile index b25b138adf0..58b7dd87f71 100644 --- a/etc/github-desktop.profile +++ b/etc/github-desktop.profile @@ -41,6 +41,7 @@ disable-mnt # private-bin github-desktop private-cache ?HAS_APPIMAGE: ignore private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-dev # private-lib private-tmp diff --git a/etc/gitter.profile b/etc/gitter.profile index 017b1765aae..ca6bb8179c8 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile @@ -37,7 +37,7 @@ shell none disable-mnt private-bin bash,env,gitter -private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,pulse,resolv.conf,ssl +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-opt Gitter private-dev private-tmp diff --git a/etc/gjs.profile b/etc/gjs.profile index 871020ae0e5..1366b624fcf 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile 
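Review bot: The newly enabled list in etc/gitg.profile has no `gitconfig` or `gitattributes`, although the generated line in the etc/git.profile hunk just before it includes both. It also has no `ssh`, even though `private-bin git,gitg,ssh` keeps the ssh client. With the list active, system-wide git settings and, presumably, the client configuration and known-hosts data under /etc/ssh are not visible inside the sandbox, which can change how remotes are contacted and verified. Add `gitattributes,gitconfig,ssh` to the line, or leave it commented until it has been tested.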
@@ -36,5 +36,5 @@ tracelog # private-bin gjs,gnome-books,gnome-documents,gnome-maps,gnome-photos,gnome-weather private-dev -# private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl +#private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/globaltime.profile b/etc/globaltime.profile index bb78a608e98..2827e906c20 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile @@ -33,5 +33,6 @@ shell none disable-mnt private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gmpc.profile b/etc/gmpc.profile index b1546db3014..77d1e2a55a3 100644 --- a/etc/gmpc.profile +++ b/etc/gmpc.profile @@ -46,7 +46,7 @@ tracelog disable-mnt #private-bin gmpc private-cache -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp writable-run-user diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index 9eb4c147de4..ed3c43c5d13 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile 
@@ -34,5 +34,6 @@ seccomp disable-mnt private-dev +private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 25cd94f0cf2..b765d7da155 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile @@ -38,5 +38,6 @@ tracelog # private-bin gjs,gnome-books private-dev +#private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile index 726a74089ca..dfa96fa49d3 100644 --- a/etc/gnome-builder.profile +++ b/etc/gnome-builder.profile @@ -33,3 +33,4 @@ shell none private-cache private-dev +#private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 6709a331e90..ac0660ea545 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile 
@@ -43,6 +43,7 @@ disable-mnt private-bin gnome-calculator private-cache private-dev +private-etc X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg #private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*,libgnutls.so.*,libproxy.so.*,librsvg-2.so.*,libxml2.so.* private-tmp diff --git a/etc/gnome-characters.profile b/etc/gnome-characters.profile index c3e9466d735..7ee26ff4670 100644 --- a/etc/gnome-characters.profile +++ b/etc/gnome-characters.profile @@ -46,7 +46,7 @@ disable-mnt private-bin gjs,gnome-characters private-cache private-dev -private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,X11,xdg +private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp read-only ${HOME} diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index e657293ac59..ef528c40acb 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile @@ -40,5 +40,5 @@ disable-mnt private-bin fairymax,gnome-chess,gnuchess,hoichess private-cache private-dev -private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0 +private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gnome-chess,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index 025335a2379..5bf06e9b93f 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile 
@@ -40,6 +40,6 @@ disable-mnt private-bin gnome-clocks,gsound-play private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,localtime,machine-id,pkcs11,pki,ssl +private-etc X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,geoclue,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index ac6d824517c..19a7444651b 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile @@ -34,5 +34,6 @@ seccomp disable-mnt private-dev +private-etc X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index 078e8c34e90..bfc72919f5a 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile @@ -37,5 +37,6 @@ tracelog private-cache private-dev +#private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index 468ef0401ff..b8f592e5203 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile 
@@ -32,5 +32,6 @@ seccomp disable-mnt private-dev +private-etc X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gnome-keyring.profile b/etc/gnome-keyring.profile index 8b24da8c4eb..cc499eb9203 100644 --- a/etc/gnome-keyring.profile +++ b/etc/gnome-keyring.profile @@ -47,6 +47,7 @@ disable-mnt #private-bin gnome-keyrin*,secret-tool private-cache private-dev +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg #private-lib alternatives,gnome-keyring,libsecret-1.so.*,pkcs11,security private-tmp diff --git a/etc/gnome-latex.profile b/etc/gnome-latex.profile index 1bf48c6ab0c..837fd700f2b 100644 --- a/etc/gnome-latex.profile +++ b/etc/gnome-latex.profile @@ -46,5 +46,5 @@ tracelog private-cache private-dev +private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed -private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,login.defs,passwd,texlive diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile index 0c5bec14419..90f7809bd44 100644 --- a/etc/gnome-logs.profile +++ b/etc/gnome-logs.profile 
@@ -44,7 +44,7 @@ disable-mnt private-bin gnome-logs private-cache private-dev -private-etc alternatives,fonts,localtime,machine-id +private-etc X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* private-tmp writable-var-log diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index a625db94822..7bc0d651948 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile @@ -53,6 +53,6 @@ disable-mnt private-bin gjs,gnome-maps # private-cache -- gnome-maps cache all maps/satelite-images private-dev -private-etc alternatives,ca-certificates,clutter-1.0,crypto-policies,dconf,drirc,fonts,gconf,gcrypt,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pkcs11,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg +private-etc X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,geoclue,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 12bee644856..248a0fd38cc 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile 
@@ -30,5 +30,6 @@ shell none # private-bin gnome-mplayer,mplayer private-cache private-dev +#private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index ad3fa17535e..a8eb2ad665f 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile @@ -39,6 +39,6 @@ tracelog private-bin env,gio-launch-desktop,gnome-music,python*,yelp private-dev -private-etc alternatives,asound.conf,fonts,machine-id,pulse +private-etc X11,alsa,alternatives,asound.conf,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/gnome-nettool.profile b/etc/gnome-nettool.profile index d15299890a1..bfe7ccd26e4 100644 --- a/etc/gnome-nettool.profile +++ b/etc/gnome-nettool.profile @@ -41,6 +41,7 @@ disable-mnt private private-cache private-dev +#private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-lib libbind9.so.*,libcrypto.so.*,libdns.so.*,libgtk-3.so.*,libgtop*,libirs.so.*,liblua.so.*,libssh2.so.*,libssl.so.* private-tmp diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index aa0b7dbe303..396134cb7a4 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile 
@@ -36,5 +36,6 @@ tracelog # private-bin gjs,gnome-photos private-dev +private-etc X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/gnome-pie.profile b/etc/gnome-pie.profile index c1d2dae354c..3f53d6c381d 100644 --- a/etc/gnome-pie.profile +++ b/etc/gnome-pie.profile @@ -34,7 +34,7 @@ shell none disable-mnt private-cache private-dev -private-etc alternatives,fonts,machine-id +private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* private-tmp diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile index b4791afc5bf..202a45ea385 100644 --- a/etc/gnome-recipes.profile +++ b/etc/gnome-recipes.profile @@ -45,7 +45,7 @@ shell none disable-mnt private-bin gnome-recipes,tar private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl +private-etc X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* private-tmp diff --git a/etc/gnome-ring.profile b/etc/gnome-ring.profile index 78ceb9c4f74..31f00280771 100644 --- a/etc/gnome-ring.profile +++ b/etc/gnome-ring.profile 
@@ -30,5 +30,6 @@ shell none disable-mnt # private-dev +#private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gnome-schedule.profile b/etc/gnome-schedule.profile index c8dd8ead710..065028cdb9c 100644 --- a/etc/gnome-schedule.profile +++ b/etc/gnome-schedule.profile @@ -60,5 +60,6 @@ tracelog disable-mnt private-cache private-dev +#private-etc X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg writable-var diff --git a/etc/gnome-sound-recorder.profile b/etc/gnome-sound-recorder.profile index 135106c1ecb..06b5c0a0f3c 100644 --- a/etc/gnome-sound-recorder.profile +++ b/etc/gnome-sound-recorder.profile @@ -37,5 +37,5 @@ tracelog disable-mnt private-cache private-dev -private-etc alsa,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,machine-id,openal,pango,pulse,xdg +private-etc X11,alsa,alternatives,asound.conf,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/gnome-system-log.profile b/etc/gnome-system-log.profile index cfe39d18bb4..ffca534d361 100644 --- a/etc/gnome-system-log.profile +++ b/etc/gnome-system-log.profile 
@@ -44,7 +44,7 @@ disable-mnt private-bin gnome-system-log private-cache private-dev -private-etc alternatives,fonts,localtime,machine-id +private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-lib private-tmp writable-var-log diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile index 5e8153035b6..575f9b82e64 100644 --- a/etc/gnome-twitch.profile +++ b/etc/gnome-twitch.profile @@ -36,5 +36,6 @@ shell none disable-mnt private-dev +#private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index a43db7e2f1e..c92a564a515 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile @@ -39,6 +39,6 @@ tracelog disable-mnt # private-bin gjs,gnome-weather private-dev -# private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl +#private-etc X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/godot.profile b/etc/godot.profile index 2baf09b1d52..462cff4998e 100644 --- a/etc/godot.profile +++ b/etc/godot.profile 
@@ -39,5 +39,5 @@ tracelog # private-bin godot private-cache private-dev -private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,machine-id,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/goobox.profile b/etc/goobox.profile index c932ad528eb..79f4ff27933 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile @@ -31,5 +31,5 @@ tracelog # private-bin goobox private-dev -# private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl +#private-etc X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # private-tmp diff --git a/etc/google-earth.profile b/etc/google-earth.profile index a331ef8d250..1950f02bc66 100644 --- a/etc/google-earth.profile +++ b/etc/google-earth.profile @@ -47,5 +47,6 @@ shell none disable-mnt private-bin bash,dirname,google-earth,grep,ls,sed,sh private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-opt google 
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index daa38523492..be9dd9065e9 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile @@ -5,6 +5,7 @@ include google-play-music-desktop-player.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # noexec /tmp breaks mpris support ignore noexec /tmp diff --git a/etc/gpa.profile b/etc/gpa.profile index ce7c8496d31..535fac6e6a5 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile @@ -31,3 +31,4 @@ tracelog # private-bin gpa,gpg private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index c11773147fd..577b4523662 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile @@ -40,3 +40,4 @@ tracelog # private-bin gpg-agent,gpg private-cache private-dev +#private-etc X11,alternatives,ca-certificates,crypto-policies,dbus-1,gnupg,gnupg2,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,logcheck,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/gpg.profile b/etc/gpg.profile index 5eb18a0bc75..c88edc09479 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile 
@@ -41,6 +41,7 @@ tracelog # private-bin gpg,gpg-agent private-cache private-dev +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,gnupg,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # On Arch 'archlinux-keyring' needs read-write access to /etc/pacman.d/gnupg # and /usr/share/pacman/keyrings. Although this works, it makes diff --git a/etc/gpicview.profile b/etc/gpicview.profile index eb00688ddf1..915dd9f085f 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile @@ -41,7 +41,7 @@ tracelog private-bin gpicview private-cache private-dev -private-etc alternatives,fonts,group,passwd +private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-lib private-tmp diff --git a/etc/gpredict.profile b/etc/gpredict.profile index c1f1b53a0e6..4c4306108dd 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile @@ -35,6 +35,6 @@ tracelog private-bin gpredict private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gradio.profile b/etc/gradio.profile index 82e2504b978..bacc0bb72f0 100644 --- a/etc/gradio.profile +++ b/etc/gradio.profile 
@@ -35,6 +35,6 @@ protocol unix,inet,inet6 seccomp shell none -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gramps.profile b/etc/gramps.profile index 54b1549649d..9227be86940 100644 --- a/etc/gramps.profile +++ b/etc/gramps.profile @@ -46,4 +46,5 @@ shell none disable-mnt private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 77de598024c..b97474ce51f 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile @@ -33,4 +33,5 @@ tracelog private-bin gthumb private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/gtk-update-icon-cache.profile b/etc/gtk-update-icon-cache.profile index fd35a563b7b..4db48cfa946 100644 --- a/etc/gtk-update-icon-cache.profile +++ b/etc/gtk-update-icon-cache.profile 
@@ -44,7 +44,7 @@ disable-mnt private-bin gtk-update-icon-cache private-cache private-dev -private-etc none +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-lib private-tmp diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile index 8ffd7ff58f5..ce4d102ccab 100644 --- a/etc/guayadeque.profile +++ b/etc/guayadeque.profile @@ -30,5 +30,6 @@ shell none private-bin guayadeque private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index b3aa58d29c9..9eba8ca7443 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile @@ -41,7 +41,7 @@ disable-mnt private-bin gnome-character-map,gucharmap private-cache private-dev -private-etc alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,X11,xdg +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-lib private-tmp diff --git a/etc/gwenview.profile b/etc/gwenview.profile index 5a5d81378ea..477f391f664 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile 
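Review bot: Replacing `private-etc none` in gtk-update-icon-cache.profile with a twelve-entry list widens the sandbox for a tool whose profile had asked for nothing from /etc. The new list makes `passwd` (local account names), `ld.so.preload`, `xdg` and others visible inside the sandbox, and nothing in the hunk indicates that the old setting had stopped working. I would keep `private-etc none` here and have the generator skip any profile whose existing value is `none`.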
@@ -45,6 +45,6 @@ shell none private-bin gimp*,gwenview,kbuildsycoca4,kdeinit4 private-dev -private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,xdg +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dbus-1,drirc,fonts,gimp,glvnd,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg # memory-deny-write-execute diff --git a/etc/gzip.profile b/etc/gzip.profile index 48e495c60fc..8dc85e4a756 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile @@ -7,6 +7,7 @@ include gzip.local # Persistent global definitions include globals.local +#private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. noblacklist /var/lib/pacman diff --git a/etc/handbrake.profile b/etc/handbrake.profile index 324c629e3d2..6dbb0b47f55 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile @@ -34,5 +34,6 @@ seccomp shell none private-dev +#private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/hashcat.profile b/etc/hashcat.profile index da59984d708..c7a00094f69 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile @@ -39,5 +39,6 @@ disable-mnt private-bin hashcat private-cache private-dev +#private-etc alternatives,bumblebee,drirc,glvnd,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp 
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 898a07a5f27..24a73d9db00 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile @@ -32,4 +32,5 @@ tracelog disable-mnt private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/hexchat.profile b/etc/hexchat.profile index d032c93e6d6..bd998416141 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile @@ -46,6 +46,7 @@ disable-mnt # debug note: private-bin requires perl, python, etc on some systems private-bin hexchat,python* private-dev +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg #private-lib - python problems private-tmp diff --git a/etc/highlight.profile b/etc/highlight.profile index 249d5cd17f9..dc464b32b8d 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile @@ -33,4 +33,5 @@ x11 none private-bin highlight private-cache private-dev +#private-etc alternatives,higL,highlight,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp diff --git a/etc/hugin.profile b/etc/hugin.profile index 07a697c0546..9a58513faa9 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile 
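Review bot: The generated list for highlight.profile contains `higL`, which does not look like a real entry under /etc and is probably an artifact of the globbing workaround mentioned in the commit message, possibly a mangled prefix of `highlight`. The line is commented out, so it has no effect today, but whoever enables it will copy it verbatim. I would drop the entry, leaving `alternatives,highlight,ld.so.cache,…`, and have the generator check that every name it emits exists on the reference system.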
@@ -36,5 +36,6 @@ shell none private-bin align_image_stack,autooptimiser,calibrate_lens_gui,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,enblend,fulla,geocpset,hugin,hugin_executor,hugin_hdrmerge,hugin_lensdb,hugin_stitch_project,icpfind,linefind,nona,pano_modify,pano_trafo,PTBatcherGUI,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,tor,xdg private-tmp diff --git a/etc/i2prouter.profile b/etc/i2prouter.profile index e46fb331713..01ba28861b7 100644 --- a/etc/i2prouter.profile +++ b/etc/i2prouter.profile @@ -12,6 +12,7 @@ include globals.local # use the distro-independent official java installer instead # Only needed if i2prouter binary is in home directory, java installer does this +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg ignore noexec ${HOME} noblacklist ${HOME}/.config/i2p @@ -67,5 +68,4 @@ shell none disable-mnt private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,i2p,java-8-openjdk,pki,ssl private-tmp diff --git a/etc/i3.profile b/etc/i3.profile index c1ca0e41384..20310c780df 100644 --- a/etc/i3.profile +++ b/etc/i3.profile 
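Review bot: `tor` in the generated hugin.profile list looks unrelated to the program; the `private-bin` line above it names `hugin_executor`, so a substring match on "tor" is a plausible source, though that is a guess. The entry is commented out here, but the same name is added to the active `private-etc` line of keepassxc.profile later in the patch, where it would make /etc/tor visible inside the password manager's sandbox. Unless keepassxc is known to read that directory, I would remove `tor` from both lists so that they end `…,pango,passwd,xdg`.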
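Review bot: The new `private-etc` line in i2prouter.profile is inserted between the comment `# Only needed if i2prouter binary is in home directory, java installer does this` and the `ignore noexec ${HOME}` line it documents, so the comment now reads as if it described `private-etc`. The second hunk removes the old line from the options block next to `private-dev`, where this profile kept its `private-*` options, and I would put the new line back there. kate.profile and kdenlive.profile move their commented line to the top in the same way. The list also spells out `java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk` in place of a glob, which will silently miss any other JDK directory name. That deserves a comment beside the line, such as `# private-etc has no globbing; extend the java-*-openjdk entries for other JDK versions`.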
@@ -16,3 +16,5 @@ noroot protocol unix,inet,inet6 seccomp + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile index a7d0d531ffd..5d6f190cb64 100644 --- a/etc/idea.sh.profile +++ b/etc/idea.sh.profile @@ -35,6 +35,7 @@ shell none private-cache private-dev +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # private-tmp noexec /tmp diff --git a/etc/imagej.profile b/etc/imagej.profile index 00ee115eda5..bf4c90c81bf 100644 --- a/etc/imagej.profile +++ b/etc/imagej.profile @@ -36,5 +36,6 @@ shell none private-bin awk,basename,bash,cut,free,grep,hostname,imagej,ln,ls,mkdir,rm,sort,tail,touch,tr,uname,update-java-alternatives,whoami,xprop private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/img2txt.profile b/etc/img2txt.profile index c17e8287001..b68f6cad0a7 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile 
@@ -42,6 +42,7 @@ x11 none # private-bin img2txt private-cache private-dev +#private-etc alternatives,bumblebee,drirc,glvnd,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/inkscape.profile b/etc/inkscape.profile index 30cb5d75d70..b370f0421c9 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile @@ -54,6 +54,7 @@ tracelog # private-bin inkscape,potrace,python* - problems on Debian stretch private-cache private-dev +private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,gimp,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp # memory-deny-write-execute diff --git a/etc/itch.profile b/etc/itch.profile index b3c78c81096..d6c4128ad09 100644 --- a/etc/itch.profile +++ b/etc/itch.profile @@ -37,6 +37,7 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp noexec /tmp diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 5b727571882..984c905326c 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile @@ -39,5 +39,6 @@ shell none private-bin bash,jd-gui,sh private-cache private-dev +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/jerry.profile b/etc/jerry.profile index f6bfb995348..d0c9e01fab8 100644 --- a/etc/jerry.profile +++ b/etc/jerry.profile 
@@ -35,7 +35,7 @@ tracelog private-bin bash,jerry,sh,stockfish private-dev -private-etc fonts,gtk-2.0,gtk-3.0 +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/jitsi.profile b/etc/jitsi.profile index 223c360b8cc..80e18a6dba2 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile @@ -29,4 +29,5 @@ tracelog disable-mnt private-cache +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/k3b.profile b/etc/k3b.profile index 0c1da7ae1a9..2a9b47d2fe8 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile @@ -34,4 +34,5 @@ novideo shell none private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,fonts,group,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # private-tmp diff --git a/etc/kaffeine.profile b/etc/kaffeine.profile index c7f811939ee..cb751e35d14 100644 --- a/etc/kaffeine.profile +++ b/etc/kaffeine.profile 
@@ -38,5 +38,6 @@ shell none # private-bin kaffeine private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/kalgebra.profile b/etc/kalgebra.profile index 2dc90b9b90f..009db909ac2 100644 --- a/etc/kalgebra.profile +++ b/etc/kalgebra.profile @@ -43,5 +43,5 @@ disable-mnt private-bin kalgebra,kalgebramobile private-cache private-dev -private-etc fonts,machine-id +private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/kate.profile b/etc/kate.profile index 3035393c440..3a98d48594a 100644 --- a/etc/kate.profile +++ b/etc/kate.profile @@ -6,6 +6,7 @@ include kate.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,drirc,fonts,glvnd,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg ignore noexec ${HOME} noblacklist ${HOME}/.config/katemetainfos @@ -45,7 +46,6 @@ tracelog # private-bin kate,kbuildsycoca4,kdeinit4 private-dev -# private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg private-tmp join-or-start kate diff --git a/etc/kcalc.profile b/etc/kcalc.profile index 8c641802ba7..e40a9a3c43e 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile 
@@ -43,6 +43,7 @@ shell none disable-mnt private-bin kcalc private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg # private-lib - problems on Arch private-tmp diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile index 082045c62d8..e51aa7214a7 100644 --- a/etc/kdeinit4.profile +++ b/etc/kdeinit4.profile @@ -32,5 +32,6 @@ shell none private-bin kbuildsycoca4,kded4,kdeinit4,knotify4 private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,fonts,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile index 361109127be..d29c6b822dc 100644 --- a/etc/kdenlive.profile +++ b/etc/kdenlive.profile @@ -6,6 +6,7 @@ include kdenlive.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg ignore noexec ${HOME} noblacklist ${HOME}/.cache/kdenlive @@ -35,4 +36,3 @@ shell none private-bin dbus-launch,dvdauthor,ffmpeg,ffplay,ffprobe,genisoimage,kdeinit4,kdeinit4_shutdown,kdeinit4_wrapper,kdeinit5,kdeinit5_shutdown,kdeinit5_wrapper,kdenlive,kdenlive_render,kshell4,kshell5,melt,mlt-melt,vlc,xine private-dev -# private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,X11,xdg 
diff --git a/etc/keepass.profile b/etc/keepass.profile index 57a24d8212e..534aa415ffd 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile @@ -40,5 +40,6 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 44e9c67bb74..d0270d25886 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile @@ -42,7 +42,7 @@ tracelog private-bin keepassx,keepassx2 private-dev -private-etc alternatives,fonts,machine-id +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index d04ada22777..eb571a457af 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile @@ -49,7 +49,7 @@ tracelog private-bin keepassxc,keepassxc-cli,keepassxc-proxy private-dev -private-etc alternatives,fonts,ld.so.cache,machine-id +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,tor,xdg private-tmp # Mutex is stored in /tmp by default, which is broken by private-tmp diff --git a/etc/kfind.profile b/etc/kfind.profile index ee4c35825f0..dcd8c9b6fca 100644 --- a/etc/kfind.profile +++ b/etc/kfind.profile 
@@ -42,4 +42,5 @@ shell none # private-bin kbuildsycoca4,kdeinit4,kfind private-dev +#private-etc Trolltech.conf,X11,alternatives,dbus-1,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/kget.profile b/etc/kget.profile index 485edc1a41c..8c7daf7c03b 100644 --- a/etc/kget.profile +++ b/etc/kget.profile @@ -36,6 +36,7 @@ protocol unix,inet,inet6 seccomp private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp # memory-deny-write-execute diff --git a/etc/kid3.profile b/etc/kid3.profile index 01064feb5c5..538091b93a4 100644 --- a/etc/kid3.profile +++ b/etc/kid3.profile @@ -37,7 +37,7 @@ tracelog private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,machine-id,pki,pulse,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp private-opt none private-srv none diff --git a/etc/kino.profile b/etc/kino.profile index 9e8d61391c3..7ff42945cc3 100644 --- a/etc/kino.profile +++ b/etc/kino.profile 
@@ -30,5 +30,6 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/kiwix-desktop.profile b/etc/kiwix-desktop.profile index 8b7b1288254..fd224614546 100644 --- a/etc/kiwix-desktop.profile +++ b/etc/kiwix-desktop.profile @@ -45,5 +45,5 @@ shell none disable-mnt private-cache private-dev -private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/klatexformula.profile b/etc/klatexformula.profile index d584f6a56c6..c5e9c1dae61 100644 --- a/etc/klatexformula.profile +++ b/etc/klatexformula.profile @@ -40,4 +40,5 @@ tracelog private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,drirc,fonts,glvnd,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/klavaro.profile b/etc/klavaro.profile index b6b53855763..07716381412 100644 --- a/etc/klavaro.profile +++ b/etc/klavaro.profile 
@@ -46,7 +46,7 @@ disable-mnt private-bin bash,klavaro,sh,tclsh,tclsh* private-cache private-dev -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp private-opt none private-srv none diff --git a/etc/kmail.profile b/etc/kmail.profile index 198b05a1125..4cdd0df8478 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile @@ -55,6 +55,7 @@ seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set # tracelog private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # private-tmp - interrupts connection to akonadi, breaks opening of email attachments # writable-run-user is needed for signing and encrypting emails writable-run-user diff --git a/etc/kodi.profile b/etc/kodi.profile index 86afe46b536..85bca3ebe0e 100644 --- a/etc/kodi.profile +++ b/etc/kodi.profile @@ -6,6 +6,7 @@ include kodi.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # noexec ${HOME} breaks plugins ignore noexec ${HOME} diff --git a/etc/konversation.profile b/etc/konversation.profile index dd3e9617fc5..241c6f785b6 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile 
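Review bot: The commented `#private-etc` line in etc/kodi.profile is inserted directly after `include globals.local`, ahead of the `# noexec ${HOME} breaks plugins` comment, instead of next to the other `private-*` options. The same placement occurs in krita and midori. In makepkg the line lands between `noblacklist ${HOME}/.gnupg` and the `read-only ${HOME}/.gnupg/...` lines, splitting the block that the "Enable severely restricted access" comment describes. I would move each line to sit with that profile's `private-*` options; the rest of each profile is outside the hunk, so the exact spot needs checking against the full file.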
@@ -37,6 +37,7 @@ tracelog private-bin kbuildsycoca4,konversation private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp # memory-deny-write-execute diff --git a/etc/kopete.profile b/etc/kopete.profile index e0bdce059e2..5cf27c60bf4 100644 --- a/etc/kopete.profile +++ b/etc/kopete.profile @@ -33,6 +33,7 @@ protocol unix,inet,inet6,netlink seccomp private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp writable-var diff --git a/etc/krita.profile b/etc/krita.profile index 49c36274ae2..a07ff98943f 100644 --- a/etc/krita.profile +++ b/etc/krita.profile @@ -6,6 +6,7 @@ include krita.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg # noexec ${HOME} may break krita, see issue #1953 ignore noexec ${HOME} diff --git a/etc/krunner.profile b/etc/krunner.profile index c64113c1501..504ed8046f7 100644 --- a/etc/krunner.profile +++ b/etc/krunner.profile 
@@ -36,3 +36,4 @@ protocol unix,inet,inet6 seccomp # private-cache +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index 2eb46a7e8b4..a2e45fd4010 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile @@ -54,6 +54,7 @@ shell none private-bin kbuildsycoca4,kdeinit4,ktorrent private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,fonts,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg # private-lib - problems on Arch private-tmp diff --git a/etc/ktouch.profile b/etc/ktouch.profile index 446bc50ee43..1ea948b20d5 100644 --- a/etc/ktouch.profile +++ b/etc/ktouch.profile @@ -46,5 +46,5 @@ disable-mnt private-bin ktouch private-cache private-dev -private-etc alternatives,fonts,kde5rc,machine-id +private-etc Trolltech.conf,X11,alternatives,bumblebee,drirc,fonts,glvnd,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile index d512dd100bb..d7a82396d43 100644 --- a/etc/kwin_x11.profile +++ b/etc/kwin_x11.profile 
@@ -41,5 +41,5 @@ tracelog disable-mnt private-bin kwin_x11 private-dev -private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg +private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,drirc,fonts,glvnd,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/kwrite.profile b/etc/kwrite.profile index 31ac1903945..ba8a26608e8 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile @@ -45,7 +45,7 @@ tracelog private-bin kbuildsycoca4,kdeinit4,kwrite private-dev -private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dbus-1,drirc,fonts,glvnd,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/leafpad.profile b/etc/leafpad.profile index 56a792c8e68..e6cc2f3eab8 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile @@ -34,6 +34,7 @@ shell none private-bin leafpad private-dev +#private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-lib private-tmp diff --git a/etc/less.profile b/etc/less.profile index 282b033a673..f2a96efc861 100644 --- a/etc/less.profile +++ b/etc/less.profile @@ -40,6 +40,7 @@ x11 none # private-lib private-cache private-dev +#private-etc alternatives,group,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,sysless,xdg writable-var-log memory-deny-write-execute diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index aa113883eaa..8b26e02e316 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile 
@@ -44,6 +44,7 @@ shell none tracelog private-dev +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp join-or-start libreoffice diff --git a/etc/liferea.profile b/etc/liferea.profile index 045adc1bfee..97295e1648f 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile @@ -49,5 +49,6 @@ shell none disable-mnt private-dev +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/lincity-ng.profile b/etc/lincity-ng.profile index b55ac9a153f..c3e25f1e75b 100644 --- a/etc/lincity-ng.profile +++ b/etc/lincity-ng.profile @@ -41,4 +41,5 @@ disable-mnt private-bin lincity-ng private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/links.profile b/etc/links.profile index bd0b0cc923e..38c1ee8da23 100644 --- a/etc/links.profile +++ b/etc/links.profile 
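Review bot: This hunk adds an active `private-etc` to etc/libreoffice.profile, which had none, whereas the other profiles in this part of the patch that lacked a list receive the line commented out. The list is the generic GUI and network set with nothing LibreOffice-specific in it, so whether the suite still finds everything it needs under /etc cannot be judged from the hunk. liferea and mumble are switched on the same way. Until each has been tested I would add these as `#private-etc ...`, like the other new lines.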
@@ -55,10 +55,9 @@ disable-mnt private-bin links,sh private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl +private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # Uncomment the following line (or put it in your links.local) allow external # media players -# private-etc alsa,asound.conf,machine-id,openal,pulse private-tmp memory-deny-write-execute diff --git a/etc/linphone.profile b/etc/linphone.profile index dc156b29853..84cc5df6ef7 100644 --- a/etc/linphone.profile +++ b/etc/linphone.profile @@ -39,5 +39,6 @@ shell none disable-mnt private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/lmms.profile b/etc/lmms.profile index 98ddd03e5bc..a04d20e1c6d 100644 --- a/etc/lmms.profile +++ b/etc/lmms.profile @@ -35,5 +35,6 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/lollypop.profile b/etc/lollypop.profile index 1ce83822dc5..7d54336ea99 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile 
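Review bot: Removing `# private-etc alsa,asound.conf,machine-id,openal,pulse` in etc/links.profile leaves the two-line comment "Uncomment the following line (or put it in your links.local) allow external media players" pointing at `private-tmp`. Users following that comment now have nothing to uncomment. Either delete the comment together with the line, or keep the opt-in with the audio entries appended to the new list: `#private-etc <new list>,alsa,asound.conf,openal,pulse`.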
@@ -37,6 +37,6 @@ seccomp shell none private-dev -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg +private-etc X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/lugaru.profile b/etc/lugaru.profile index d8144157205..8f65cc0413e 100644 --- a/etc/lugaru.profile +++ b/etc/lugaru.profile @@ -46,4 +46,5 @@ disable-mnt private-bin lugaru private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index 2b0feaa17ac..439357e437f 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile @@ -35,5 +35,6 @@ tracelog #private-bin luminance-hdr,luminance-hdr-cli,align_image_stack private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 74adb7a6754..d293251fcd7 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile @@ -32,5 +32,6 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,dbus-1,fonts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp 
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index e1a37343e01..8b1499ec18f 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile @@ -35,5 +35,6 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/lynx.profile b/etc/lynx.profile index 06328531647..24dcc63aa16 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile @@ -34,5 +34,5 @@ tracelog # private-bin lynx private-cache private-dev -# private-etc alternatives,ca-certificates,crypto-policies,pki,ssl +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile index 94d90780b99..2ad90ec8fbe 100644 --- a/etc/macrofusion.profile +++ b/etc/macrofusion.profile @@ -39,5 +39,6 @@ shell none private-bin align_image_stack,enfuse,env,exiftool,macrofusion,python* private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/makepkg.profile b/etc/makepkg.profile index 0120fc2cdd5..f518a44cd41 100644 --- a/etc/makepkg.profile +++ b/etc/makepkg.profile 
@@ -15,6 +15,7 @@ include globals.local # Enable severely restricted access to ${HOME}/.gnupg noblacklist ${HOME}/.gnupg +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg read-only ${HOME}/.gnupg/gpg.conf read-only ${HOME}/.gnupg/trustdb.gpg read-only ${HOME}/.gnupg/pubring.kbx diff --git a/etc/manaplus.profile b/etc/manaplus.profile index 93d409bf8b1..af512135784 100644 --- a/etc/manaplus.profile +++ b/etc/manaplus.profile @@ -45,4 +45,5 @@ disable-mnt private-bin manaplus private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/masterpdfeditor.profile b/etc/masterpdfeditor.profile index e4da0c66a60..17472fe551e 100644 --- a/etc/masterpdfeditor.profile +++ b/etc/masterpdfeditor.profile @@ -36,6 +36,6 @@ tracelog private-cache private-dev -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index 2f6020ad3dc..aa7b83f9ab3 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile 
@@ -41,7 +41,7 @@ shell none disable-mnt private-bin mate-calc,mate-calculator -private-etc alternatives,dconf,fonts,gtk-3.0 +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,tor,xdg private-dev private-opt none private-tmp diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index f1a7ca18f6a..a70e4cfecff 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile @@ -31,7 +31,7 @@ shell none disable-mnt private-bin mate-color-select -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-dev private-lib private-tmp diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index 49a7767660b..77ff8876509 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile @@ -35,7 +35,7 @@ shell none disable-mnt private-bin mate-dictionary -private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-opt mate-dictionary private-dev private-tmp diff --git a/etc/mcabber.profile b/etc/mcabber.profile index 134a6ae6378..79f5b7c17f6 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile 
@@ -30,4 +30,4 @@ shell none private-bin mcabber private-dev -private-etc alternatives,ca-certificates,crypto-policies,pki,ssl +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index 00730c00b3a..721950c7af3 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile @@ -39,7 +39,7 @@ x11 none private-bin mediainfo private-cache private-dev -private-etc alternatives +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index 95cd673c641..f404b1487ed 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile @@ -45,5 +45,6 @@ tracelog private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/megaglest.profile b/etc/megaglest.profile index 08eae6dfc4f..29953b86213 100644 --- a/etc/megaglest.profile +++ b/etc/megaglest.profile 
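Review bot: The new list in etc/mcabber.profile adds GUI and GPU entries (`Trolltech.conf`, `X11`, `fonts`, `gtk-2.0`, `gtk-3.0`, `bumblebee`, `drirc`, `glvnd`) to a console XMPP client whose previous list was five TLS-related entries. That widens what the sandbox can read in /etc without an evident need, and it suggests the generator put mcabber in the wrong category. I would keep the network and TLS entries and drop the toolkit ones, along the lines of the new links.profile list in this patch.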
@@ -41,4 +41,5 @@ disable-mnt private-bin megaglest,megaglest_editor,megaglest_g3dviewer private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,tor,xdg private-tmp diff --git a/etc/meld.profile b/etc/meld.profile index 22ec2b99985..5100180f99b 100644 --- a/etc/meld.profile +++ b/etc/meld.profile @@ -63,8 +63,8 @@ tracelog private-bin bzr,cvs,git,hg,meld,python*,svn private-cache private-dev +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # Uncomment the next line (or put it into your meld.local) if you don't need to compare in /etc. -#private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,subversion private-tmp read-only ${HOME}/.ssh diff --git a/etc/mendeleydesktop.profile b/etc/mendeleydesktop.profile index 1f02ff5c09d..888eb56922e 100644 --- a/etc/mendeleydesktop.profile +++ b/etc/mendeleydesktop.profile 
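Review bot: The added `private-etc` line in etc/meld.profile is active, but the comment kept below it says to uncomment the option only "if you don't need to compare in /etc", so the default flips to hiding most of /etc from a diff tool. That comment now sits directly above `private-tmp`. The removed opt-in list's `subversion` entry is also absent from the new list, although `private-bin` still allows `svn`. I would keep the line commented and below the comment: `#private-etc <generated list>,subversion`.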
@@ -45,5 +45,6 @@ tracelog disable-mnt private-bin cat,env,gconftool-2,ln,mendeleydesktop,python*,sh,update-desktop-database,which private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/meteo-qt.profile b/etc/meteo-qt.profile index 4437d86ea83..0ed91358714 100644 --- a/etc/meteo-qt.profile +++ b/etc/meteo-qt.profile @@ -46,6 +46,7 @@ disable-mnt private-bin meteo-qt,python* private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/midori.profile b/etc/midori.profile index ffae4919f2c..f4f0fc2c9c7 100644 --- a/etc/midori.profile +++ b/etc/midori.profile @@ -6,6 +6,7 @@ include midori.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg # noexec ${HOME} breaks DRM binaries. ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} diff --git a/etc/minetest.profile b/etc/minetest.profile index 0439a1cccc7..506ef016bbd 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile 
@@ -44,6 +44,5 @@ disable-mnt private-bin minetest private-cache private-dev -# private-etc needs to be updated, see #1702 -#private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/mousepad.profile b/etc/mousepad.profile index 20370a5b546..d2d89808857 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile @@ -34,5 +34,6 @@ tracelog private-bin mousepad private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-lib private-tmp diff --git a/etc/mp3splt-gtk.profile b/etc/mp3splt-gtk.profile index e0936476bdf..ac711e22ff6 100644 --- a/etc/mp3splt-gtk.profile +++ b/etc/mp3splt-gtk.profile @@ -37,5 +37,5 @@ tracelog private-bin mp3splt-gtk private-cache private-dev -private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-3.0,machine-id,openal,pulse +private-etc X11,alsa,alternatives,asound.conf,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/mp3splt.profile b/etc/mp3splt.profile index 95173a890d5..532641912f4 100644 --- a/etc/mp3splt.profile +++ b/etc/mp3splt.profile 
@@ -43,7 +43,7 @@ disable-mnt private-bin flacsplt,mp3splt,mp3wrap,oggsplt private-cache private-dev -private-etc alternatives +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/mpDris2.profile b/etc/mpDris2.profile index fd0351db0e6..d6cf2682b5d 100644 --- a/etc/mpDris2.profile +++ b/etc/mpDris2.profile @@ -48,7 +48,7 @@ shell none private-bin mpDris2,notify-send,python* private-cache private-dev -private-etc alternatives,hosts,nsswitch.conf +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-lib libdbus-1.so.*,libdbus-glib-1.so.*,libgirepository-1.0.so.*,libnotify.so.*,libpython*,python2*,python3* private-tmp diff --git a/etc/mpd.profile b/etc/mpd.profile index 80f4df7cb73..df9a8aa7afe 100644 --- a/etc/mpd.profile +++ b/etc/mpd.profile @@ -39,5 +39,6 @@ shell none #private-bin bash,mpd private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,default,fonts,gconf,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,mpd.conf,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/mpg123.profile b/etc/mpg123.profile index 6dfeb4586da..dbf7946ee3d 100644 --- a/etc/mpg123.profile +++ b/etc/mpg123.profile 
@@ -34,6 +34,7 @@ shell none #private-bin mpg123* private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/mplayer.profile b/etc/mplayer.profile index 9ab4f8c7f51..e2a6b5ef119 100644 --- a/etc/mplayer.profile +++ b/etc/mplayer.profile @@ -33,5 +33,6 @@ shell none private-bin mplayer private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,mplayer,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/mpsyt.profile b/etc/mpsyt.profile index 546755ecb9c..c93d5ea3747 100644 --- a/etc/mpsyt.profile +++ b/etc/mpsyt.profile @@ -65,5 +65,6 @@ tracelog private-bin env,ffmpeg,mplayer,mpsyt,mpv,python*,youtube-dl #private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/mpv.profile b/etc/mpv.profile index 6e587fc6aac..db741f21fc2 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile 
@@ -48,3 +48,4 @@ private-bin env,mpv,python*,youtube-dl # Causes slow OSD, see #2838 #private-cache private-dev +#private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,glvnd,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,mpv,nsswitch.conf,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/ms-office.profile b/etc/ms-office.profile index 3bc674134f7..6b74b316a93 100644 --- a/etc/ms-office.profile +++ b/etc/ms-office.profile @@ -36,7 +36,7 @@ tracelog disable-mnt private-bin bash,env,fonts,jak,ms-office,python*,sh -private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-dev private-tmp diff --git a/etc/multimc5.profile b/etc/multimc5.profile index 4753074188b..43eb4b3c39a 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile @@ -44,5 +44,6 @@ disable-mnt # private-bin works, but causes weirdness # private-bin apt-file,awk,bash,chmod,dirname,dnf,grep,java,kdialog,ldd,mkdir,multimc5,pfl,pkgfile,readlink,sort,valgrind,which,yum,zenity,zypper private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp 
diff --git a/etc/mumble.profile b/etc/mumble.profile index 94ccbad0c2c..9d89e48a9f9 100644 --- a/etc/mumble.profile +++ b/etc/mumble.profile @@ -41,6 +41,7 @@ tracelog disable-mnt private-bin mumble +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 673c9fd0b78..f411cbcce62 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile @@ -38,7 +38,7 @@ tracelog # private-bin mupdf,rm,sh,tempfile private-dev -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index e131f5319fb..2156ce75a7d 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile @@ -31,3 +31,5 @@ noroot notv novideo seccomp + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg diff --git a/etc/musescore.profile b/etc/musescore.profile index 9750a31f445..c5b2ad387ce 100644 --- a/etc/musescore.profile +++ b/etc/musescore.profile 
@@ -38,4 +38,5 @@ shell none tracelog # private-bin musescore,mscore +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index a6b85a8e4de..f6f4850e8a4 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile @@ -32,5 +32,5 @@ seccomp disable-mnt private-dev -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,ssl +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/mutt.profile b/etc/mutt.profile index 92babd50fca..0564dcb2db8 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile @@ -55,4 +55,5 @@ seccomp shell none private-dev +#private-etc Muttrc,Muttrc.d,alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg writable-run-user diff --git a/etc/mypaint.profile b/etc/mypaint.profile index d75651d7856..a99a856cc08 100644 --- a/etc/mypaint.profile +++ b/etc/mypaint.profile 
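Review bot: The regenerated `private-etc` line in the musixmatch hunk replaces the old list instead of merging with it, so `asound.conf` and `pulse` are no longer present even though the previous author listed them for this profile. The generator should take the union with the existing entries, here by keeping `asound.conf,pulse` in the new line. The same loss appears in other hunks: newsboat drops `terminfo`, nomacs drops `login.defs`, okular drops `cups` while `private-bin` still lists `lpr`, pandoc drops `texlive` while `private-bin` still lists `latex` and `pdflatex`, and pavucontrol drops `avahi`. A profile that breaks this way tends to get run with the sandbox disabled altogether, so these regressions matter for more than convenience.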
@@ -44,6 +44,6 @@ tracelog private-cache private-dev -private-etc alternatives,dconf,fonts,gtk-3.0 +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/nano.profile b/etc/nano.profile index af6fcc3fe12..77e570ec49a 100644 --- a/etc/nano.profile +++ b/etc/nano.profile @@ -45,7 +45,7 @@ x11 none private-bin nano,rnano private-cache private-dev +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nano,nanorc,passwd,xdg # Comment the next line if you want to edit files in /etc directly -private-etc alternatives,nanorc memory-deny-write-execute diff --git a/etc/natron.profile b/etc/natron.profile index 7ad217b7294..ccd23f5fdab 100644 --- a/etc/natron.profile +++ b/etc/natron.profile @@ -34,3 +34,4 @@ seccomp shell none private-bin natron,Natron,NatronRenderer +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg diff --git a/etc/nautilus.profile b/etc/nautilus.profile index e003488de76..7aa20ef3ec4 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile @@ -41,4 +41,5 @@ tracelog # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files # private-bin nautilus # private-dev +#private-etc X11,alsa,alternatives,asound.conf,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,ld.so.cache,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg # private-tmp diff --git a/etc/ncdu.profile b/etc/ncdu.profile index 0d791583961..e107958e430 100644 --- a/etc/ncdu.profile +++ b/etc/ncdu.profile 
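Review bot: In the nano hunk the new `private-etc` line is added above the comment `# Comment the next line if you want to edit files in /etc directly`, while the old line below the comment is removed. The comment now points at whatever directive follows it, apparently `memory-deny-write-execute`. A user following it would weaken an unrelated hardening option and still not be able to edit `/etc`. Move the added line so that it sits directly under the comment, i.e. the comment first and then `private-etc alternatives,ld.so.cache,…,nano,nanorc,passwd,xdg`.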
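Review bot: The commented list added to nautilus.profile names `ld.so.cache` twice (`…,ld.so.conf.d,ld.so.cache,locale,…`), which none of the other generated lists on this page do. That suggests the generator, or a manual edit of its output, has no de-duplication step. Sorting and de-duplicating the entries before writing the line would also make later diffs of these lists easier to review.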
@@ -27,6 +27,7 @@ shell none x11 none private-dev +#private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg # private-tmp memory-deny-write-execute diff --git a/etc/nemo.profile b/etc/nemo.profile index 6a62a3a0c28..6b3b3fd5bd5 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile @@ -36,3 +36,5 @@ protocol unix,inet,inet6 seccomp shell none + +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/netactview.profile b/etc/netactview.profile index 0618caf6804..9739c844f0c 100644 --- a/etc/netactview.profile +++ b/etc/netactview.profile @@ -45,7 +45,7 @@ disable-mnt private-bin netactview,netactview_polkit private-cache private-dev -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-lib private-tmp diff --git a/etc/nethack-vultures.profile b/etc/nethack-vultures.profile index 079f44ee7eb..ebdf62d0357 100644 --- a/etc/nethack-vultures.profile +++ b/etc/nethack-vultures.profile @@ -39,5 +39,6 @@ disable-mnt #private private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp writable-var 
diff --git a/etc/nethack.profile b/etc/nethack.profile index 3df63245108..ef81151f1a8 100644 --- a/etc/nethack.profile +++ b/etc/nethack.profile @@ -39,6 +39,7 @@ disable-mnt #private private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp writable-var diff --git a/etc/netsurf.profile b/etc/netsurf.profile index 0ddb7bbbe51..7608b642afb 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile @@ -32,3 +32,4 @@ seccomp tracelog disable-mnt +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/neverball.profile b/etc/neverball.profile index 84c63454927..49d29234767 100644 --- a/etc/neverball.profile +++ b/etc/neverball.profile @@ -35,5 +35,6 @@ shell none disable-mnt private-bin neverball private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/newsboat.profile b/etc/newsboat.profile index e063abe5380..d07efb7b1cb 100644 --- a/etc/newsboat.profile +++ b/etc/newsboat.profile 
@@ -41,7 +41,7 @@ disable-mnt private-bin newsboat private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,terminfo +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/nheko.profile b/etc/nheko.profile index 119b3023980..29a0fb1fc76 100644 --- a/etc/nheko.profile +++ b/etc/nheko.profile @@ -37,5 +37,6 @@ tracelog disable-mnt private-bin nheko +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile index 28879d09b3e..166293f785d 100644 --- a/etc/nitroshare.profile +++ b/etc/nitroshare.profile @@ -42,7 +42,7 @@ disable-mnt private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui private-cache private-dev -private-etc alternatives,ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare private-tmp 
diff --git a/etc/nomacs.profile b/etc/nomacs.profile index 7a7ff504ac9..eede2130e96 100644 --- a/etc/nomacs.profile +++ b/etc/nomacs.profile @@ -41,7 +41,7 @@ tracelog #private-bin nomacs private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,login.defs,machine-id,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/nylas.profile b/etc/nylas.profile index c959eb991bd..2ec9136f346 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile @@ -36,3 +36,4 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/nyx.profile b/etc/nyx.profile index c4475c75c9f..c7a7c69e160 100644 --- a/etc/nyx.profile +++ b/etc/nyx.profile @@ -45,7 +45,7 @@ disable-mnt private-bin nyx,python* private-cache private-dev -private-etc alternatives,fonts,passwd,tor +private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-opt none private-srv none private-tmp diff --git a/etc/obs.profile b/etc/obs.profile index 4277bdab351..1975ae90bc5 100644 --- a/etc/obs.profile +++ b/etc/obs.profile 
@@ -39,5 +39,6 @@ tracelog private-bin bash,obs,obs-ffmpeg-mux,python*,sh private-cache private-dev +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/ocenaudio.profile b/etc/ocenaudio.profile index acc249000ea..5e0b8241020 100644 --- a/etc/ocenaudio.profile +++ b/etc/ocenaudio.profile @@ -45,7 +45,7 @@ tracelog private-bin ocenaudio private-cache private-dev -private-etc alternatives,asound.conf,fonts,ld.so.cache,pulse +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 719753c8798..789a63c9410 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile @@ -36,6 +36,6 @@ x11 none private-bin odt2txt private-cache private-dev -private-etc alternatives +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp read-only ${HOME} diff --git a/etc/okular.profile b/etc/okular.profile index 1dc8c9482a6..9d49d5f7f44 100644 --- a/etc/okular.profile +++ b/etc/okular.profile 
@@ -52,7 +52,7 @@ tracelog private-bin kbuildsycoca4,kdeinit4,lpr,okular private-dev -private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,xdg +private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,drirc,fonts,glvnd,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg # private-tmp - on KDE we need access to the real /tmp for data exchange with email clients # memory-deny-write-execute diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile index 5bfcd052789..f6ab06f82ac 100644 --- a/etc/onionshare-gui.profile +++ b/etc/onionshare-gui.profile @@ -36,6 +36,7 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-tmp memory-deny-write-execute diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 5925ccc0921..0e42747e7dd 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile @@ -34,4 +34,5 @@ shell none # private-bin open-invaders private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/openarena.profile b/etc/openarena.profile index c83e78e2c05..c7c5d8bfffb 100644 --- a/etc/openarena.profile +++ b/etc/openarena.profile 
@@ -39,5 +39,5 @@ shell none # private-bin openarena private-cache private-dev -# private-etc drirc,machine-id,openal,passwd,selinux,udev,xdg +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/openbox.profile b/etc/openbox.profile index 1fb93c79c2b..bf4ac6863d7 100644 --- a/etc/openbox.profile +++ b/etc/openbox.profile @@ -16,5 +16,6 @@ noroot protocol unix,inet,inet6 seccomp +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,menu-methods,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg read-only ${HOME}/.config/openbox/autostart read-only ${HOME}/.config/openbox/environment diff --git a/etc/opencity.profile b/etc/opencity.profile index 6a27c809568..99cba2aab81 100644 --- a/etc/opencity.profile +++ b/etc/opencity.profile @@ -41,4 +41,5 @@ disable-mnt private-bin opencity private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/openclonk.profile b/etc/openclonk.profile index da60006b38d..756e1db7061 100644 --- a/etc/openclonk.profile +++ b/etc/openclonk.profile 
@@ -41,4 +41,5 @@ disable-mnt private-bin c4group,openclonk private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/openshot.profile b/etc/openshot.profile index 0222243edf7..03accd06375 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile @@ -37,5 +37,6 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/openttd.profile b/etc/openttd.profile index 5de4d325dac..74120dbd3f8 100644 --- a/etc/openttd.profile +++ b/etc/openttd.profile @@ -41,4 +41,5 @@ disable-mnt private-bin openttd private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/orage.profile b/etc/orage.profile index 4e12892d6c1..716cd4818ff 100644 --- a/etc/orage.profile +++ b/etc/orage.profile 
@@ -35,5 +35,6 @@ shell none disable-mnt private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,timezone,xdg private-tmp diff --git a/etc/ostrichriders.profile b/etc/ostrichriders.profile index bef78412664..1ffd91b5bdd 100644 --- a/etc/ostrichriders.profile +++ b/etc/ostrichriders.profile @@ -41,5 +41,6 @@ disable-mnt private-bin ostrichriders private-cache # private-dev should be commented for controllers +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-dev private-tmp diff --git a/etc/pandoc.profile b/etc/pandoc.profile index 57b5d7e3900..97ecb5e2207 100644 --- a/etc/pandoc.profile +++ b/etc/pandoc.profile @@ -45,7 +45,7 @@ disable-mnt private-bin context,latex,mktexfmt,pandoc,pdflatex,pdfroff,prince,weasyprint,wkhtmltopdf private-cache private-dev -private-etc alternatives,texlive +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/parole.profile b/etc/parole.profile index e7a0694edbd..a2d23d0431c 100644 --- a/etc/parole.profile +++ b/etc/parole.profile 
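Review bot: In the ostrichriders hunk the generated `#private-etc` line is inserted between `# private-dev should be commented for controllers` and the `private-dev` directive that comment describes. A reader now sees the controller hint attached to the `private-etc` line. Place the new line after `private-dev`, so the order reads comment, `private-dev`, `#private-etc …`, `private-tmp`.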
@@ -27,4 +27,4 @@ shell none private-bin dbus-launch,parole private-cache -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,machine-id,passwd,pki,pulse,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/patch.profile b/etc/patch.profile index 03f5a4b71f7..6b1a3b5a6eb 100644 --- a/etc/patch.profile +++ b/etc/patch.profile @@ -40,6 +40,7 @@ x11 none private-bin patch,red private-dev +#private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-lib libfakeroot memory-deny-write-execute diff --git a/etc/pavucontrol.profile b/etc/pavucontrol.profile index 5bbe1386fa3..4787ad27f57 100644 --- a/etc/pavucontrol.profile +++ b/etc/pavucontrol.profile @@ -44,7 +44,7 @@ disable-mnt private-bin pavucontrol private-cache private-dev -private-etc alternatives,asound.conf,avahi,fonts,machine-id,pulse +private-etc X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-lib private-tmp diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 7f2a0d67346..fa4cd1315e4 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile 
@@ -31,3 +31,5 @@ protocol unix seccomp shell none tracelog + +#private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile index 98a9f184002..4b4b5369726 100644 --- a/etc/pdfchain.profile +++ b/etc/pdfchain.profile @@ -35,7 +35,7 @@ shell none private-bin pdfchain,pdftk,sh private-dev -private-etc alternatives,dconf,fonts,gtk-3.0,xdg +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile index 177070e8399..db8ccf6b52a 100644 --- a/etc/pdfmod.profile +++ b/etc/pdfmod.profile @@ -39,5 +39,6 @@ seccomp shell none private-dev +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,mono,pango,passwd,xdg private-tmp diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index 48f4241906b..56f8aa0061d 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile @@ -39,5 +39,6 @@ shell none private-bin archlinux-java,awk,bash,dirname,expr,find,grep,java,java-config,ls,pdfsam,readlink,sh,sort,uname,which private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index e9572d914b2..022765c9de8 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile 
@@ -42,5 +42,5 @@ x11 none private-bin pdftotext private-dev -private-etc alternatives +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp diff --git a/etc/peek.profile b/etc/peek.profile index 8cbff0c643b..68f81638b42 100644 --- a/etc/peek.profile +++ b/etc/peek.profile @@ -36,6 +36,7 @@ shell none # private-bin breaks gif mode, mp4 and webm mode work fine however # private-bin convert,ffmpeg,peek private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/picard.profile b/etc/picard.profile index 15fc7a4547d..a409629ab2a 100644 --- a/etc/picard.profile +++ b/etc/picard.profile @@ -39,5 +39,6 @@ seccomp shell none private-dev +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 2e421574451..447f92fd27a 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile @@ -6,6 +6,7 @@ include pidgin.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg ignore noexec ${RUNUSER} ignore noexec /dev/shm 
diff --git a/etc/ping.profile b/etc/ping.profile index 11dbbcd58cf..9d43b2a7143 100644 --- a/etc/ping.profile +++ b/etc/ping.profile @@ -42,8 +42,7 @@ disable-mnt private #private-bin has mammoth problems with execvp: "No such file or directory" private-dev -# /etc/hosts is required in private-etc; however, just adding it to the list doesn't solve the problem! -#private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-tmp # memory-deny-write-execute is built using seccomp; nonewprivs will kill it diff --git a/etc/pingus.profile b/etc/pingus.profile index a3adc55a2b9..2adaebf247c 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile @@ -34,4 +34,5 @@ shell none # private-bin pingus private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/pinta.profile b/etc/pinta.profile index 8151bc98f17..6ef081b8f02 100644 --- a/etc/pinta.profile +++ b/etc/pinta.profile @@ -35,6 +35,7 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-cache private-tmp diff --git a/etc/pioneer.profile b/etc/pioneer.profile index c5b9366171b..3fe5b4685fa 100644 --- a/etc/pioneer.profile +++ b/etc/pioneer.profile 
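Review bot: The ping hunk deletes the caveat `# /etc/hosts is required in private-etc; however, just adding it to the list doesn't solve the problem!` and leaves only a longer commented-out list. That comment was the only record of why `private-etc` stays disabled for ping, and without it the generated line looks ready to uncomment. Keep the comment above the new `#private-etc` line. The generated list also carries `tor`, `dbus-1` and `machine-id`, which the previous list did not have and which look unrelated to ping, so they are worth dropping before anyone enables it.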
@@ -41,4 +41,5 @@ disable-mnt private-bin modelcompiler,pioneer,savegamedump private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/pithos.profile b/etc/pithos.profile index ad56ce52584..0e1f460b02d 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile @@ -38,5 +38,6 @@ shell none disable-mnt private-bin env,pithos,python* private-dev +private-etc X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/pitivi.profile b/etc/pitivi.profile index 89a6a020b05..221a797cc06 100644 --- a/etc/pitivi.profile +++ b/etc/pitivi.profile @@ -37,5 +37,6 @@ seccomp shell none private-dev +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,matplotlibrc,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/pix.profile b/etc/pix.profile index 9864ed71891..6b7a79977b3 100644 --- a/etc/pix.profile +++ b/etc/pix.profile @@ -33,4 +33,5 @@ tracelog private-bin pix private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/playonlinux.profile b/etc/playonlinux.profile index 03091af6d23..152792fe57e 100644 
--- a/etc/playonlinux.profile +++ b/etc/playonlinux.profile @@ -35,3 +35,5 @@ nonewprivs noroot notv seccomp + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/pluma.profile b/etc/pluma.profile index dadfcc44e3f..02928d38538 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile @@ -42,6 +42,7 @@ tracelog private-bin pluma private-dev +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-lib aspell,gconv,libgspell-1.so.*,libreadline.so.*,libtinfo.so.*,pluma private-tmp diff --git a/etc/pngquant.profile b/etc/pngquant.profile index 8c06cef1acd..37e1ce59bf0 100644 --- a/etc/pngquant.profile +++ b/etc/pngquant.profile @@ -41,7 +41,7 @@ x11 none private-bin pngquant private-cache private-dev -private-etc alternatives +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/polari.profile b/etc/polari.profile index b9f81eecedc..1ea27a6bdb1 100644 --- a/etc/polari.profile +++ b/etc/polari.profile @@ -44,5 +44,6 @@ tracelog disable-mnt private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp 
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index 97029000275..9051b4e2f64 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile @@ -35,8 +35,8 @@ seccomp shell none # private-dev is disabled to allow controller support +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg #private-dev -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl private-opt ppsspp private-tmp diff --git a/etc/pragha.profile b/etc/pragha.profile index 019c1a547fe..c3b0ff7fc26 100644 --- a/etc/pragha.profile +++ b/etc/pragha.profile @@ -33,6 +33,6 @@ seccomp shell none private-dev -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg +private-etc X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/profanity.profile b/etc/profanity.profile index 6ca9314e9d5..6a5efd370c3 100644 --- a/etc/profanity.profile +++ b/etc/profanity.profile 
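Review bot: The new active `private-etc` line for ppsspp drops entries the old one whitelisted (`ca-certificates`, `crypto-policies`, `group`, `host.conf`, `hostname`, `hosts`, `nsswitch.conf`, `pki`, `resolv.conf`, `ssl`), so resolver configuration and TLS trust files are no longer visible inside the sandbox. If the program uses the network, as the old list suggests, this is a functional regression; the generated list should be merged with the previous one rather than replace it. The line is also inserted between `# private-dev is disabled to allow controller support` and `#private-dev`, separating that comment from the option it explains; placing it after `#private-dev`, where the old line was, keeps them together. The same loss of previously whitelisted entries appears in the active lines for qgis (`QGIS`, `QGIS.conf`, `machine-id`), seahorse (`ssh` and the `X11`/`dconf`/`fonts`/`gtk-*`/`pango` entries) and slack (`group`, `os-release` and the other release files).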
@@ -44,7 +44,7 @@ shell none private-bin profanity private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,localtime,mime.types,nsswitch.conf,pki,resolv.conf,ssl +private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 087f90966dd..1b3a1a30648 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile @@ -41,5 +41,6 @@ shell none disable-mnt private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,fonts,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile index 034c144c71d..a92cb3f3c84 100644 --- a/etc/pybitmessage.profile +++ b/etc/pybitmessage.profile @@ -41,6 +41,6 @@ shell none disable-mnt private-bin bash,env,ldconfig,pybitmessage,python*,sh,stat private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,pki,PyBitmessage,PyBitmessage.conf,resolv.conf,selinux,sni-qt.conf,ssl,system-fips,Trolltech.conf,xdg +private-etc PyBitMessage,PyBitMessage.conf,Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp 
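Review bot: In the pybitmessage hunk the regenerated line spells the program's own entries `PyBitMessage,PyBitMessage.conf`, while the line it replaces used `PyBitmessage,PyBitmessage.conf`. File names under /etc are case-sensitive, so if the old spelling was the correct one, the application's configuration is no longer carried into the private /etc. The diff does not show which spelling exists on disk, so this needs checking; if the old one is right, restore `PyBitmessage,PyBitmessage.conf`. The new line also drops `selinux`, `sni-qt.conf` and `system-fips` from the old whitelist without comment.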
diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile index 9ee426a9561..1a2c8724c60 100644 --- a/etc/pycharm-community.profile +++ b/etc/pycharm-community.profile @@ -29,7 +29,7 @@ novideo shell none tracelog -# private-etc alternatives,fonts,passwd - minimal required to run but will probably break +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # program! private-cache private-dev diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index fe9caec779c..37e80f49526 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -53,7 +53,7 @@ shell none private-bin python*,qbittorrent private-dev -# private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl,X11,xdg +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-tmp # memory-deny-write-execute - problems on Arch, see #1690 on GitHub repo diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile index ac60384fd3b..b1db32dc1bb 100644 --- a/etc/qemu-launcher.profile +++ b/etc/qemu-launcher.profile 
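Review bot: The old pycharm-community comment ran over two lines (`… - minimal required to run but will probably break` followed by `# program!`), and only the first is replaced, leaving a stray `# program!` under the new `#private-etc` line. The replacement also loses the warning that enabling private-etc is expected to break the program. I would delete the orphaned line and keep the warning as its own comment above the generated list, for example `# private-etc will probably break the program`.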
@@ -24,6 +24,7 @@ shell none tracelog private-cache +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp noexec /tmp diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile index 47b9d6a9a11..85b49aca14c 100644 --- a/etc/qemu-system-x86_64.profile +++ b/etc/qemu-system-x86_64.profile @@ -24,6 +24,7 @@ shell none tracelog private-cache +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,qemu,qemu-ifdown,qemu-ifup,resolv.conf,rpc,services,ssl,xdg private-tmp noexec /tmp diff --git a/etc/qgis.profile b/etc/qgis.profile index 88ed0cd8127..e5760a68510 100644 --- a/etc/qgis.profile +++ b/etc/qgis.profile @@ -53,5 +53,5 @@ tracelog disable-mnt private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,QGIS,QGIS.conf,resolv.conf,ssl,Trolltech.conf +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/qlipper.profile b/etc/qlipper.profile index fb9dca48fc8..7e8c34fad34 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile 
@@ -34,5 +34,6 @@ shell none disable-mnt private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/qmmp.profile b/etc/qmmp.profile index b69bbdef100..a52d09326fa 100644 --- a/etc/qmmp.profile +++ b/etc/qmmp.profile @@ -33,5 +33,6 @@ tracelog private-bin bzip2,gzip,qmmp,tar,unzip private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 863f57ba420..a04286a113e 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile @@ -39,4 +39,5 @@ tracelog private-bin qpdfview private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/qtox.profile b/etc/qtox.profile index cb2a789204d..a65c465cc54 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile 
@@ -43,7 +43,7 @@ disable-mnt private-bin qtox private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/quassel.profile b/etc/quassel.profile index a78d1edcd8e..fd932477573 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile @@ -22,4 +22,5 @@ protocol unix,inet,inet6 seccomp private-cache +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 8dbdffdc8ca..e73122f38cb 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -50,5 +50,5 @@ tracelog disable-mnt private-bin quiterss private-dev -# private-etc alternatives,ca-certificates,crypto-policies,pki,ssl,X11 +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index 95c1894582d..5df6f1a8dc4 100644 --- a/etc/qutebrowser.profile 
+++ b/etc/qutebrowser.profile @@ -38,3 +38,5 @@ protocol unix,inet,inet6,netlink # blacklisting of chroot system calls breaks qt webengine seccomp !chroot # tracelog + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,group,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/rambox.profile b/etc/rambox.profile index 6f7f37aaf1d..5462ee3d3cb 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile @@ -33,3 +33,5 @@ notv protocol unix,inet,inet6,netlink seccomp # tracelog + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/ranger.profile b/etc/ranger.profile index bcf39095beb..1591df82097 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile @@ -40,3 +40,4 @@ seccomp #x11 none private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,ranger,xdg diff --git a/etc/redeclipse.profile b/etc/redeclipse.profile index bb1ad56d390..4eb95f85443 100644 --- a/etc/redeclipse.profile +++ b/etc/redeclipse.profile 
@@ -35,5 +35,6 @@ shell none disable-mnt private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/redshift.profile b/etc/redshift.profile index 0f6d34ed08e..2229dccb2f1 100644 --- a/etc/redshift.profile +++ b/etc/redshift.profile @@ -46,6 +46,7 @@ tracelog disable-mnt private-cache private-dev +#private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/regextester.profile b/etc/regextester.profile index e307489460d..f070435ce3c 100644 --- a/etc/regextester.profile +++ b/etc/regextester.profile @@ -44,7 +44,7 @@ disable-mnt private-bin regextester private-cache private-dev -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-lib libgranite.so.* private-tmp diff --git a/etc/remmina.profile b/etc/remmina.profile index e85ceca1324..a2a6e2ade60 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile 
@@ -35,5 +35,6 @@ shell none private-cache private-dev +private-etc SuSE-release,UnitedLinux-release,X11,alsa,alternatives,annvix-release,arch-release,arklinux-release,asound.conf,aurox-release,blackcat-release,bumblebee,ca-certificates,cobalt-release,conectiva-release,crypto-policies,dbus-1,dconf,debian_release,debian_version,drirc,e-smith-release,fedora-release,fonts,gconf,gentoo-release,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,immunix-release,knoppix_version,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,lfs-release,linuxppc-release,locale,locale.alias,locale.conf,localtime,lsb-release,machine-id,mandrake-release,mandrakelinux-release,mandriva-release,mime.types,mklinux-release,nld-release,novell-release,nsswitch.conf,os-release,pango,passwd,pki,pld-release,protocols,pulse,redhat-release,redhat_version,release,resolv.conf,rpc,services,slackware-release,slackware-version,sles-release,solus-release,ssl,sun-release,tinysofa-release,turbolinux-release,ultrapenguin-release,va-release,xdg,yellowdog-release private-tmp diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index ad8b1015eff..653e403ed9f 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile @@ -45,4 +45,5 @@ tracelog private-bin rhythmbox,rhythmbox-client private-dev +#private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/ricochet.profile b/etc/ricochet.profile index 1b8fbbc97d4..3d987451fc2 100644 --- a/etc/ricochet.profile +++ b/etc/ricochet.profile 
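Review bot: The remmina hunk turns private-etc on for the first time and lists some forty distribution release files by name, with nothing in the profile saying why. Going by the commit message this is presumably the workaround for private-etc's lack of globbing, but a reader of the profile alone will not know that, nor that the list goes stale when a new release file appears. A comment above the line would cover it: `# release files are listed one by one because private-etc does not support globbing`. Since the profile is newly restricted, the SSH-based connection types should also be tested, as the list contains no `ssh` entry.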
@@ -37,5 +37,5 @@ shell none disable-mnt private-bin ricochet,tor private-dev -#private-etc alternatives,alternatives,ca-certificates,crypto-policies,fonts,pki,ssl,tor,X11 +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,tor,xdg diff --git a/etc/ristretto.profile b/etc/ristretto.profile index 8fcbb203c75..cc1a53313da 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile @@ -34,5 +34,6 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/rsync-download_only.profile b/etc/rsync-download_only.profile index bda3bca92c5..ccc9d0b1c45 100644 --- a/etc/rsync-download_only.profile +++ b/etc/rsync-download_only.profile @@ -49,7 +49,7 @@ disable-mnt private-bin rsync private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl +private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 0b4d6e1b1d3..2e2dc94d751 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile 
@@ -30,4 +30,5 @@ shell none private-bin rtorrent private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-tmp diff --git a/etc/sayonara.profile b/etc/sayonara.profile index 8f0544f3386..4bc724e6706 100644 --- a/etc/sayonara.profile +++ b/etc/sayonara.profile @@ -31,5 +31,6 @@ tracelog private-bin sayonara private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/scallion.profile b/etc/scallion.profile index dee9e1f40bc..91e57984893 100644 --- a/etc/scallion.profile +++ b/etc/scallion.profile @@ -39,4 +39,5 @@ shell none disable-mnt private private-dev +#private-etc alternatives,bumblebee,drirc,glvnd,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp diff --git a/etc/scorched3d.profile b/etc/scorched3d.profile index e94d436cf16..950d8e80fe1 100644 --- a/etc/scorched3d.profile +++ b/etc/scorched3d.profile 
@@ -41,4 +41,5 @@ disable-mnt private-bin scorched3d,scorched3d-wrapper,scorched3dc,scorched3ds private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/scribus.profile b/etc/scribus.profile index e20cd1b5a60..4780e23d8bc 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile @@ -58,5 +58,6 @@ tracelog # private-bin gimp*,gs,scribus private-dev +private-etc Trolltech.conf,X11,alternatives,bumblebee,drirc,fonts,gimp,glvnd,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index a367acad586..9de0b599251 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile @@ -39,4 +39,5 @@ shell none private-bin env,python*,sdat2img private-cache private-dev +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg diff --git a/etc/seahorse.profile b/etc/seahorse.profile index 5a742d05fe6..e4f32b5d278 100644 --- a/etc/seahorse.profile +++ b/etc/seahorse.profile 
@@ -56,5 +56,5 @@ tracelog disable-mnt private-cache private-dev -private-etc ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssh,ssl,X11 +private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg writable-run-user diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 807effbebe9..673010eb69b 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile @@ -52,4 +52,4 @@ seccomp tracelog disable-mnt -# private-etc adobe,alternatives,asound.conf,ca-certificates,crypto-policies,firefox,fonts,group,gtk-2.0,hostname,hosts,iceweasel,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile index d26096c772d..f0d4c7ca7e1 100644 --- a/etc/shellcheck.profile +++ b/etc/shellcheck.profile @@ -43,6 +43,7 @@ x11 none private-cache private-dev +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/shotcut.profile b/etc/shotcut.profile index 5b3c5439d6a..f2bb073999f 100644 --- a/etc/shotcut.profile +++ b/etc/shotcut.profile 
@@ -6,6 +6,7 @@ include shotcut.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg ignore noexec ${HOME} noblacklist ${HOME}/.config/Meltytech diff --git a/etc/signal-cli.profile b/etc/signal-cli.profile index bb1bf732df0..0de9bf15278 100644 --- a/etc/signal-cli.profile +++ b/etc/signal-cli.profile @@ -45,6 +45,6 @@ disable-mnt private-bin java,sh,signal-cli private-cache private-dev +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # Does not work with all Java configurations. You will notice immediately, so you might want to give it a try -#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,host.conf,hostname,hosts,java-10-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java.conf,machine-id,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl private-tmp diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile index f810a37ecd2..b24e7108770 100644 --- a/etc/signal-desktop.profile +++ b/etc/signal-desktop.profile 
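Review bot: In the signal-cli hunk the commented `#private-etc` line moves from below the comment `# Does not work with all Java configurations. …` to above it, so that comment now sits directly over `private-tmp` and reads as a caveat about the wrong option. Keeping the order comment-then-option preserves the meaning: the regenerated `#private-etc …` line belongs after the `# Does not work with all Java configurations` comment, where the removed line was.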
@@ -5,6 +5,7 @@ include signal-desktop.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg ignore noexec /tmp noblacklist ${HOME}/.config/Signal diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index cfc33d07482..0b1ec3630e5 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile @@ -34,6 +34,7 @@ disable-mnt private private-bin python*,sa-solver,silentarmy private-dev +#private-etc alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,glvnd,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-opt none private-tmp diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index ff6de9ec241..e9417c8c5d2 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile @@ -36,5 +36,5 @@ tracelog # private-bin simple-scan # private-dev -# private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # private-tmp diff --git a/etc/simplescreenrecorder.profile b/etc/simplescreenrecorder.profile index 5f8ab360fcb..b3a8f08e1a0 100644 --- a/etc/simplescreenrecorder.profile +++ b/etc/simplescreenrecorder.profile 
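Review bot: The simple-scan hunk changes private-etc from commented out to active while `# private-bin`, `# private-dev` and `# private-tmp` around it stay disabled, which suggests the whole block was turned off on purpose. The generated list has no entry for scanner backend configuration (SANE keeps it under /etc/sane.d), so device discovery may fail once /etc is restricted. That is my inference; the diff shows no test. Unless this was verified with a scanner attached, I would keep the line commented like its siblings (`#private-etc Trolltech.conf,X11,…`) or add `sane.d` to the list before enabling it.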
@@ -34,6 +34,7 @@ tracelog private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp memory-deny-write-execute diff --git a/etc/simutrans.profile b/etc/simutrans.profile index c6f5f70b046..d88bfeb2f80 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile @@ -34,4 +34,5 @@ shell none # private-bin simutrans private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/skanlite.profile b/etc/skanlite.profile index 6f9bfd20132..35e72afacb9 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile @@ -32,4 +32,5 @@ shell none # private-bin kbuildsycoca4,kdeinit4,skanlite # private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,glvnd,hosts,host.conf,hostname,kde4rc,kde5rc,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg # private-tmp diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile index 341c25a9558..dce7997ef18 100644 --- a/etc/skypeforlinux.profile +++ b/etc/skypeforlinux.profile 
@@ -6,6 +6,7 @@ include skypeforlinux.local include globals.local # breaks Skype +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg ignore noexec /tmp noblacklist ${HOME}/.config/skypeforlinux diff --git a/etc/slack.profile b/etc/slack.profile index 54069f65715..a5b1fb5c53b 100644 --- a/etc/slack.profile +++ b/etc/slack.profile @@ -35,5 +35,5 @@ disable-mnt private-bin locale,slack private-cache private-dev -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/slashem.profile b/etc/slashem.profile index 8c84180d7be..af00e5489dc 100644 --- a/etc/slashem.profile +++ b/etc/slashem.profile @@ -39,6 +39,7 @@ disable-mnt #private private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp writable-var diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 395888c8a02..5d8e0e1b7e7 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile 
@@ -43,5 +43,6 @@ shell none private-bin env,mplayer,mpv,python*,smplayer,smtube,youtube-dl private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/smtube.profile b/etc/smtube.profile index 98e0229cefd..dfe67e37711 100644 --- a/etc/smtube.profile +++ b/etc/smtube.profile @@ -43,5 +43,6 @@ shell none #no private-bin because users can add their own players to smtube and that would prevent that private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/sol.profile b/etc/sol.profile index ea1620b31b3..6af247fdc39 100644 --- a/etc/sol.profile +++ b/etc/sol.profile @@ -38,6 +38,7 @@ disable-mnt private-bin sol private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp # memory-deny-write-execute diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index bdd6eb7f5dc..29184f7e67b 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile 
@@ -46,5 +46,6 @@ shell none private-cache private-dev +private-etc X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/spectre-meltdown-checker.profile b/etc/spectre-meltdown-checker.profile index 3306181e48e..a366b757064 100644 --- a/etc/spectre-meltdown-checker.profile +++ b/etc/spectre-meltdown-checker.profile @@ -45,6 +45,7 @@ disable-mnt private private-bin awk,bzip2,cat,coreos-install,cpucontrol,cut,dd,dirname,dmesg,dnf,echo,grep,gunzip,gz,gzip,head,id,kldload,kldstat,liblz4-tool,lzop,mktemp,modinfo,modprobe,mount,nm,objdump,od,perl,printf,readelf,rm,sed,seq,sh,sort,spectre-meltdown-checker,spectre-meltdown-checker.sh,stat,strings,sysctl,tail,test,toolbox,tr,uname,which,xz-utils private-cache +#private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/spotify.profile b/etc/spotify.profile index 59692f1d6aa..4bfbbe6e637 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile 
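Review bot: The `private-etc` line added to etc/soundconverter.profile is active, whereas most profiles in this patch that had no `private-etc` before get the generated line commented out as `#private-etc …`. The patch is marked DNM and the lists are generated, so an untried list should presumably go in as `#private-etc X11,alternatives,dbus-1,…` until the profile has been run with it. etc/totem.profile goes further and turns an existing `# private-etc …` comment into an active directive without saying why it was disabled before. etc/virtualbox.profile gains an active line at the end of the file in the same way.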
@@ -44,8 +44,7 @@ tracelog disable-mnt private-bin bash,cat,dirname,find,grep,head,rm,sh,spotify,tclsh,touch,zenity private-dev -# Comment the next line or put 'ignore private-etc' in your spotify.local if want to see the albums covers or if you want to use the radio -private-etc alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hosts,ld.so.cache,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,spotify,ssl,xdg private-opt spotify private-srv none private-tmp diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index 94bb4d3f261..4c84686067a 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile @@ -40,7 +40,7 @@ shell none private-bin sqlitebrowser private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,passwd,pki,ssl +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index 8e355a176b1..b3f76f4b5af 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile 
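Review bot: Users of etc/spotify.profile lose the documented workaround, because the comment that told them to comment the line or put `ignore private-etc` in spotify.local is deleted along with the old list. Nothing visible in the hunk shows that the longer generated list fixes album covers or the radio, so the comment line `# Comment the next line or put 'ignore private-etc' in your spotify.local …` should stay above the new `private-etc`. etc/steam.profile drops its equivalent note, `# private-etc breaks a small selection of games on some systems, comment to support those`, in the same way.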
@@ -33,3 +33,5 @@ shell none tracelog writable-run-user + +#private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,group,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/ssh.profile b/etc/ssh.profile index 1551c3fb65a..0b821ad1308 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile @@ -40,6 +40,7 @@ tracelog private-cache private-dev +#private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssh,ssl,system-fips,xdg # private-tmp # Breaks when exiting writable-run-user diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile index aa6902854f4..ecced0eede9 100644 --- a/etc/standardnotes-desktop.profile +++ b/etc/standardnotes-desktop.profile @@ -38,6 +38,6 @@ seccomp !chroot disable-mnt private-dev +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp -private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,pki,resolv.conf,ssl,xdg diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index a8b5d109e89..2afcbe179bc 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile 
@@ -5,6 +5,7 @@ include start-tor-browser.local # Persistent global definitions include globals.local +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg ignore noexec ${HOME} include disable-common.inc @@ -36,5 +37,4 @@ shell none disable-mnt private-bin bash,cat,cp,cut,dirname,env,getconf,gpg,grep,gxmessage,id,kdialog,ln,mkdir,pwd,readlink,realpath,rm,sed,sh,tail,test,update-desktop-database,xmessage,zenity private-dev -private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl private-tmp diff --git a/etc/steam.profile b/etc/steam.profile index bc90af837ac..f5a45d4254f 100644 --- a/etc/steam.profile +++ b/etc/steam.profile 
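Review bot: The new `private-etc` list in etc/start-tor-browser.profile makes more host-specific files visible inside the sandbox than the list removed in the second hunk. `passwd`, `localtime`, `locale`, `dconf`, `gconf` and `X11` are new, in addition to `hostname` and `machine-id`, which were already allowed. For a profile that wraps Tor Browser, this generated superset widens what the sandboxed process can read about the host, so I would keep the previous line, `private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl`, and add entries only when a breakage is demonstrated. The directive also moves from the `private-*` group to the top of the file, ahead of `ignore noexec ${HOME}`, where it is easy to overlook. etc/torbrowser-launcher.profile and etc/tor.profile are widened the same way, and the tor daemon gains `dbus-1`, `hostname` and `machine-id`.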
@@ -69,7 +69,6 @@ shell none #private-bin eog,eom,gthumb,pix,viewnior,xviewer # private-dev should be commented for controllers +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,lsb-release,machine-id,mime.types,mono,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-dev -# private-etc breaks a small selection of games on some systems, comment to support those -private-etc alternatives,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl private-tmp diff --git a/etc/stellarium.profile b/etc/stellarium.profile index d6df2e0ad7f..48c6989d076 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile @@ -41,5 +41,6 @@ tracelog disable-mnt private-bin stellarium private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/strings.profile b/etc/strings.profile index 52b76210898..9101f51a17c 100644 --- a/etc/strings.profile +++ b/etc/strings.profile 
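Review bot: The new `private-etc` line in etc/steam.profile is inserted between `# private-dev should be commented for controllers` and the `private-dev` directive that the comment describes, so the comment now reads as if it annotated `private-etc`. The generated line belongs after `private-dev`, where the old `private-etc` was. etc/unf.profile has the same ordering issue: its new line is placed between `?HAS_APPIMAGE: ignore private-dev` and `private-dev`, which splits a pair that reads as one unit.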
@@ -43,7 +43,7 @@ x11 none #private-bin strings private-cache private-dev -#private-etc alternatives +#private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg #private-lib libfakeroot private-tmp diff --git a/etc/subdownloader.profile b/etc/subdownloader.profile index 828f3d32795..a7d677e355d 100644 --- a/etc/subdownloader.profile +++ b/etc/subdownloader.profile @@ -40,7 +40,7 @@ shell none private-cache private-dev -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 4c64ee766c9..0f9c60e55c2 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile @@ -36,4 +36,5 @@ shell none disable-mnt # private-bin supertux2 private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile index 2975a61ed96..8897de18049 100644 --- a/etc/supertuxkart.profile +++ b/etc/supertuxkart.profile 
@@ -49,7 +49,7 @@ disable-mnt private-bin supertuxkart private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp private-opt none private-srv none diff --git a/etc/surf.profile b/etc/surf.profile index d4c6d9afcba..d95c07c1cae 100644 --- a/etc/surf.profile +++ b/etc/surf.profile @@ -34,6 +34,6 @@ tracelog disable-mnt private-bin bash,curl,dmenu,ls,printf,sed,sh,sleep,st,stterm,surf,xargs,xprop private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,passwd,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/sylpheed.profile b/etc/sylpheed.profile index 64de64eb45c..7c7e829bd7b 100644 --- a/etc/sylpheed.profile +++ b/etc/sylpheed.profile @@ -29,4 +29,5 @@ seccomp shell none private-dev +#private-etc X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp 
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 30b0ad76201..de0cc24fa8a 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile @@ -34,5 +34,6 @@ shell none #private-bin ffmpeg,synfig,synfigstudio private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/sysprof.profile b/etc/sysprof.profile index 9188df70948..267da48082f 100644 --- a/etc/sysprof.profile +++ b/etc/sysprof.profile @@ -40,7 +40,7 @@ disable-mnt #private-bin sysprof - breaks GUI help menu private-cache private-dev -private-etc alternatives,fonts,ld.so.cache,machine-id,ssl +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg # private-lib breaks GUI help menu #private-lib gdk-pixbuf-2.*,gio,gtk3,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*,libsysprof-2.so,libsysprof-ui-2.so private-tmp diff --git a/etc/tar.profile b/etc/tar.profile index 3fba96eeeb3..6f91cd9b7fb 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -7,6 +7,7 @@ include tar.local # Persistent global definitions include globals.local +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,rmt,xdg # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. noblacklist /var/lib/pacman 
@@ -43,7 +44,6 @@ x11 none private-bin bash,bzip2,compress,firejail,gtar,gzip,lbzip2,lzip,lzma,lzop,sh,tar,xz private-cache private-dev -private-etc alternatives,group,localtime,passwd private-lib libfakeroot # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) writable-var diff --git a/etc/tcpdump.profile b/etc/tcpdump.profile index 3c46dfdcbf8..ecf7bd3b518 100644 --- a/etc/tcpdump.profile +++ b/etc/tcpdump.profile @@ -39,6 +39,7 @@ disable-mnt #private #private-bin tcpdump private-dev +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,group,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile index d9e874be2b6..e4317ce7ab8 100644 --- a/etc/teams-for-linux.profile +++ b/etc/teams-for-linux.profile @@ -38,5 +38,5 @@ disable-mnt private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh private-cache private-dev -private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/teamspeak3.profile b/etc/teamspeak3.profile index c1c666f5868..f315bf8f4b9 100644 --- a/etc/teamspeak3.profile +++ b/etc/teamspeak3.profile 
@@ -38,5 +38,6 @@ shell none disable-mnt private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/teeworlds.profile b/etc/teeworlds.profile index 782f337d3b5..7d166837a88 100644 --- a/etc/teeworlds.profile +++ b/etc/teeworlds.profile @@ -41,4 +41,5 @@ disable-mnt private-bin teeworlds private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/telegram.profile b/etc/telegram.profile index e3af5600a1e..ad45ec84a71 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile @@ -25,5 +25,6 @@ seccomp disable-mnt private-cache +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/terasology.profile b/etc/terasology.profile index 9a8426435b0..146d279e046 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile 
@@ -5,6 +5,7 @@ include terasology.local # Persistent global definitions include globals.local +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,java.conf,java-10-openjdk,java-9-openjdk,java-8-openjdk,java-7-openjdk,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,lsb-release,machine-id,mime.types,pango,passwd,pulse,xdg ignore noexec /tmp noblacklist ${HOME}/.local/share/terasology @@ -43,5 +44,4 @@ shell none disable-mnt private-dev -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-7-openjdk,java-8-openjdk,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pki,pulse,resolv.conf,ssl private-tmp diff --git a/etc/tilp.profile b/etc/tilp.profile index 4d38d5184cf..2c2cfd710fd 100644 --- a/etc/tilp.profile +++ b/etc/tilp.profile @@ -30,6 +30,6 @@ tracelog disable-mnt private-bin tilp private-cache -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/tor.profile b/etc/tor.profile index 13d07163570..9bbf26cb407 100644 --- a/etc/tor.profile +++ b/etc/tor.profile @@ -46,6 +46,6 @@ private private-bin bash,tor private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor +private-etc alternatives,ca-certificates,crypto-policies,dbus-1,default,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,tor,xdg private-tmp writable-var 
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 1183cd2f706..320ed263bc4 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile @@ -6,6 +6,7 @@ include torbrowser-launcher.local # Persistent global definitions include globals.local +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,tor,xdg ignore noexec ${HOME} noblacklist ${HOME}/.config/torbrowser @@ -50,5 +51,4 @@ shell none disable-mnt private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity private-dev -private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl private-tmp diff --git a/etc/torcs.profile b/etc/torcs.profile index d9c59b276b2..ea2a6fc78f3 100644 --- a/etc/torcs.profile +++ b/etc/torcs.profile @@ -40,4 +40,5 @@ tracelog disable-mnt private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp diff --git a/etc/totem.profile b/etc/totem.profile index 5b74709e3b8..ce4721f9b38 100644 --- a/etc/totem.profile +++ b/etc/totem.profile 
@@ -40,6 +40,6 @@ private-bin totem # totem needs access to ~/.cache/tracker or it exits #private-cache private-dev -# private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl +private-etc X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/tracker.profile b/etc/tracker.profile index 6e107d99e2f..080be7dad10 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile @@ -33,4 +33,5 @@ tracelog # private-bin tracker # private-dev +#private-etc alternatives,dbus-1,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,passwd,xdg # private-tmp diff --git a/etc/transgui.profile b/etc/transgui.profile index 567e2ab30a8..5fd9f6b36eb 100644 --- a/etc/transgui.profile +++ b/etc/transgui.profile @@ -45,7 +45,7 @@ tracelog private-bin geoiplookup,geoiplookup6,transgui private-cache private-dev -private-etc alternatives,fonts +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-lib libgdk_pixbuf-2.0.so.*,libGeoIP.so*,libgthread-2.0.so.*,libgtk-x11-2.0.so.*,libX11.so.* private-tmp diff --git a/etc/transmission-common.profile b/etc/transmission-common.profile index a8b667e91b5..013122b56c5 100644 --- a/etc/transmission-common.profile +++ b/etc/transmission-common.profile 
@@ -41,6 +41,7 @@ shell none tracelog private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-lib private-tmp diff --git a/etc/tremulous.profile b/etc/tremulous.profile index e148298ae79..ecb318531eb 100644 --- a/etc/tremulous.profile +++ b/etc/tremulous.profile @@ -41,4 +41,5 @@ disable-mnt private-bin tremded,tremulous,tremulous-wrapper private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/truecraft.profile b/etc/truecraft.profile index e76d522199f..071351cb522 100644 --- a/etc/truecraft.profile +++ b/etc/truecraft.profile @@ -35,5 +35,6 @@ shell none disable-mnt private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,mono,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/tshark.profile b/etc/tshark.profile index 0decb95cfb9..070e8eaa9b9 100644 --- a/etc/tshark.profile +++ b/etc/tshark.profile 
@@ -40,4 +40,5 @@ disable-mnt private-cache #private-bin tshark private-dev +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,group,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index ae868a02266..bbee3b14668 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile @@ -37,6 +37,7 @@ seccomp tracelog private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp # noexec ${HOME} - tuxguitar may fail to launch diff --git a/etc/udiskie.profile b/etc/udiskie.profile index f6e85d60e4b..936ee027c6e 100644 --- a/etc/udiskie.profile +++ b/etc/udiskie.profile @@ -41,5 +41,5 @@ private-bin awk,cut,dbus-send,egrep,file,grep,head,python*,readlink,sed,sh,udisk # private-bin thunar private-cache private-dev -private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/uefitool.profile b/etc/uefitool.profile index 8ab0e9a2600..ad9450ec2d5 100644 --- a/etc/uefitool.profile +++ b/etc/uefitool.profile 
@@ -34,5 +34,6 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index ec1ac48a258..01cf4f4ed03 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile @@ -33,4 +33,5 @@ shell none private-bin uget-gtk private-dev +#private-etc X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/unbound.profile b/etc/unbound.profile index 67448d766a5..93ec38c9ec3 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile @@ -42,6 +42,7 @@ seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_ disable-mnt private private-dev +#private-etc alternatives,ca-certificates,crypto-policies,group,hosts,host.conf,hostname,insserv.conf.d,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,resolvconf,rpc,services,ssl,unbound,xdg private-tmp writable-var diff --git a/etc/unf.profile b/etc/unf.profile index 1f0b2aa32c4..b7a22924553 100644 --- a/etc/unf.profile +++ b/etc/unf.profile @@ -46,8 +46,8 @@ disable-mnt private-bin unf private-cache ?HAS_APPIMAGE: ignore private-dev +private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-dev -private-etc alternatives private-lib libgcc_s.so.* private-tmp diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index 7223ea2e140..b55c77e3c2f 100644 
--- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile @@ -30,5 +30,5 @@ shell none # private-bin unknown-horizons private-dev -# private-etc alternatives,ca-certificates,crypto-policies,pki,ssl +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/unrar.profile b/etc/unrar.profile index 428173e7d43..db872f6f229 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile @@ -37,5 +37,5 @@ x11 none private-bin unrar private-dev -private-etc alternatives,group,localtime,passwd +private-etc alternatives,group,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-tmp diff --git a/etc/unzip.profile b/etc/unzip.profile index 60e4470494e..14a8ffd436d 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile @@ -40,4 +40,4 @@ x11 none private-bin unzip private-dev -private-etc alternatives,group,localtime,passwd +private-etc alternatives,group,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg diff --git a/etc/utox.profile b/etc/utox.profile index 9877ea889d0..0bce15d9d8b 100644 --- a/etc/utox.profile +++ b/etc/utox.profile 
@@ -42,7 +42,7 @@ disable-mnt private-bin utox private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,openal,pki,pulse,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 60a7f0d20f1..dc70ceee57e 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile @@ -39,4 +39,4 @@ x11 none private-bin uudeview private-cache private-dev -private-etc alternatives,ld.so.preload +private-etc alternatives,bumblebee,drirc,glvnd,group,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index d4e54235b4d..499628bfa45 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile @@ -38,3 +38,5 @@ notv protocol unix,inet,inet6 seccomp tracelog + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/viewnior.profile b/etc/viewnior.profile index f9241c7e013..64e1d7bbb49 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile 
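Review bot: The generated list for etc/uudeview.profile adds `bumblebee`, `drirc` and `glvnd`, which are graphics-driver configuration, to a profile that the hunk context shows running with `x11 none`. This looks like the generator put a command-line tool into a GPU category, which makes the whitelist wider than the program needs. The line should match the one this patch uses for unrar and unzip: `private-etc alternatives,group,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg`.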
@@ -42,7 +42,7 @@ tracelog private-bin viewnior private-cache private-dev -private-etc alternatives,fonts,machine-id +private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg private-tmp #memory-deny-write-execute - breaks on Arch (see issues #1803 and #1808) diff --git a/etc/viking.profile b/etc/viking.profile index 5b6228a94eb..97c62b78e1b 100644 --- a/etc/viking.profile +++ b/etc/viking.profile @@ -33,5 +33,6 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/vim.profile b/etc/vim.profile index d27a9a6338e..ee58c16f7fb 100644 --- a/etc/vim.profile +++ b/etc/vim.profile @@ -30,3 +30,4 @@ protocol unix,inet,inet6 seccomp private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,vimrc,xdg diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile index c0dbc9116b8..df98533503f 100644 --- a/etc/virtualbox.profile +++ b/etc/virtualbox.profile 
@@ -30,3 +30,5 @@ caps.keep net_raw,sys_admin,sys_nice netfilter nodvd notv + +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,default,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,vbox,xdg diff --git a/etc/vlc.profile b/etc/vlc.profile index 572758f283a..317fa5130c9 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile @@ -36,6 +36,7 @@ shell none private-bin cvlc,nvlc,qvlc,rvlc,svlc,vlc private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp # mdwe is disabled due to breaking hardware accelerated decoding diff --git a/etc/vym.profile b/etc/vym.profile index fbb53943c30..2689b0c250b 100644 --- a/etc/vym.profile +++ b/etc/vym.profile @@ -32,5 +32,6 @@ shell none disable-mnt private-dev +#private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/w3m.profile b/etc/w3m.profile index 76531d3159b..22a002dfba7 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile 
@@ -38,5 +38,5 @@ tracelog # private-bin w3m private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl +private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,w3m,xdg private-tmp diff --git a/etc/warsow.profile b/etc/warsow.profile index e884ab07a62..b7f35752cbf 100644 --- a/etc/warsow.profile +++ b/etc/warsow.profile @@ -6,6 +6,7 @@ include warsow.local # Persistent global definitions include globals.local +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg ignore noexec ${HOME} noblacklist ${HOME}/.cache/warsow-2.1 diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index e65e0a0c3c1..8072a4e420e 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile @@ -39,4 +39,5 @@ tracelog disable-mnt private-bin warzone2100 private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/webstorm.profile b/etc/webstorm.profile index fc4e8e571cf..a573c05b490 100644 --- a/etc/webstorm.profile +++ b/etc/webstorm.profile 
@@ -38,4 +38,5 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/webui-aria2.profile b/etc/webui-aria2.profile index 0cd1e05ab70..fd846d4d2f5 100644 --- a/etc/webui-aria2.profile +++ b/etc/webui-aria2.profile @@ -33,5 +33,6 @@ shell none private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/weechat.profile b/etc/weechat.profile index a94275c2c1b..816ba627658 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile @@ -25,3 +25,5 @@ seccomp # no private-bin support for various reasons: # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins + +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 934edfce9c5..949119cc341 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile 
@@ -35,4 +35,5 @@ protocol unix,inet,inet6 seccomp private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/wget.profile b/etc/wget.profile index 4bf35465231..00fa2dc5f64 100644 --- a/etc/wget.profile +++ b/etc/wget.profile @@ -35,6 +35,6 @@ shell none # private-bin wget private-dev -# private-etc alternatives,ca-certificates,crypto-policie,pki,resolv.conf,ssl +private-etc alternatives,ca-certificates,crypto-policies,dbus-1,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,wgetrc,xdg # private-tmp diff --git a/etc/whalebird.profile b/etc/whalebird.profile index 26932b6b3ad..11cc86d022f 100644 --- a/etc/whalebird.profile +++ b/etc/whalebird.profile @@ -41,5 +41,5 @@ disable-mnt private-bin whalebird private-cache private-dev -private-etc fonts,machine-id +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/whois.profile b/etc/whois.profile index fed3709e5e3..61c7dc8c77a 100644 --- a/etc/whois.profile +++ b/etc/whois.profile 
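Review bot: In etc/wget.profile the hunk turns a `private-etc` line that was commented out into an active one, while the neighbouring `# private-bin wget` and `# private-tmp` stay disabled. The reason the original was disabled is not visible in the hunk, and nothing here shows the generated list was tested against it. The safer form for an automated change is the commented one used for most other profiles in this patch, i.e. the same list behind `#private-etc`. etc/wireshark.profile has the same commented-to-active change.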
@@ -40,7 +40,7 @@ private private-bin bash,sh,whois private-cache private-dev -# private-etc alternatives,hosts,services,whois.conf +#private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,jwhois.conf,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,whois,whois.conf,xdg private-lib private-tmp diff --git a/etc/widelands.profile b/etc/widelands.profile index c6b5f27da3c..e1c9e0259ba 100644 --- a/etc/widelands.profile +++ b/etc/widelands.profile @@ -41,4 +41,5 @@ disable-mnt private-bin widelands private-cache private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/wine.profile b/etc/wine.profile index 67e3952e14a..4372c6aae14 100644 --- a/etc/wine.profile +++ b/etc/wine.profile @@ -33,3 +33,4 @@ notv seccomp private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index 490255fa6fc..7874ada23e3 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile 
@@ -36,5 +36,5 @@ shell none disable-mnt private-bin bash,electron,electron4,env,sh,wire-desktop private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/wireshark.profile b/etc/wireshark.profile index d73e2e27937..6859efb4ea0 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile @@ -45,6 +45,6 @@ tracelog # private-bin wireshark private-dev -# private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,machine-id,passwd,pki,ssl +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile index e21b740309a..3d425a9a131 100644 --- a/etc/x-terminal-emulator.profile +++ b/etc/x-terminal-emulator.profile @@ -17,5 +17,6 @@ protocol unix seccomp private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg noexec /tmp diff --git a/etc/xcalc.profile b/etc/xcalc.profile index 0ad423d30b7..ca5c9d2c76e 100644 --- a/etc/xcalc.profile +++ b/etc/xcalc.profile 
@@ -36,6 +36,7 @@ disable-mnt private private-bin xcalc private-dev +#private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg private-lib private-tmp diff --git a/etc/xchat.profile b/etc/xchat.profile index a94444aaba4..ec16b8080a6 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile @@ -21,3 +21,4 @@ protocol unix,inet,inet6 seccomp # private-bin requires perl, python*, etc. +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/xed.profile b/etc/xed.profile index a67230e512f..a03c3efd359 100644 --- a/etc/xed.profile +++ b/etc/xed.profile @@ -44,6 +44,7 @@ tracelog private-bin xed private-dev +#private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp # xed uses python plugins, memory-deny-write-execute breaks python diff --git a/etc/xfburn.profile b/etc/xfburn.profile index cd9561e7492..1e6fe3edf15 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile @@ -29,4 +29,5 @@ tracelog # private-bin xfburn # private-dev +#private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg # private-tmp diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile index bc499bd30f2..d6c88db2979 100644 --- a/etc/xfce4-dict.profile +++ b/etc/xfce4-dict.profile 
@@ -33,5 +33,6 @@ shell none disable-mnt private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/xfce4-mixer.profile b/etc/xfce4-mixer.profile index 6ef85f31853..6c71fbc98d9 100644 --- a/etc/xfce4-mixer.profile +++ b/etc/xfce4-mixer.profile @@ -45,7 +45,7 @@ disable-mnt private-bin xfce4-mixer,xfconf-query private-cache private-dev -private-etc alternatives,asound.conf,fonts,machine-id,pulse +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp memory-deny-write-execute diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index 4dad1bf7a0b..145fb4fd284 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile @@ -35,5 +35,6 @@ shell none disable-mnt private-cache private-dev +#private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 7114f046976..703a33568b4 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile 
@@ -46,5 +46,5 @@ disable-mnt private-bin xiphos private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssli,sword,sword.conf +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,sword,sword.conf,xdg private-tmp diff --git a/etc/xmms.profile b/etc/xmms.profile index 7a11e12440a..a4cf335bd5d 100644 --- a/etc/xmms.profile +++ b/etc/xmms.profile @@ -29,3 +29,4 @@ shell none private-bin xmms private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile index c6ba9bd9de3..49270c5fb70 100644 --- a/etc/xmr-stak.profile +++ b/etc/xmr-stak.profile @@ -37,7 +37,7 @@ disable-mnt private ${HOME}/.xmr-stak private-bin xmr-stak private-dev -private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl +private-etc Trolltech.conf,X11,alternatives,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg #private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend private-opt cuda private-tmp diff --git a/etc/xonotic.profile b/etc/xonotic.profile index f4f828eda9e..5f4dedd5c81 100644 
--- a/etc/xonotic.profile +++ b/etc/xonotic.profile @@ -37,6 +37,6 @@ shell none disable-mnt private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl private-dev -private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/xpdf.profile b/etc/xpdf.profile index 8c405ba1d2a..e3576e02a2e 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile @@ -37,5 +37,6 @@ seccomp shell none private-dev +#private-etc Trolltech.conf,X11,alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,xdg,xpdf private-tmp diff --git a/etc/xplayer.profile b/etc/xplayer.profile index 325ce7627f5..641a7f0d127 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile 
@@ -39,6 +39,6 @@ tracelog private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer private-dev -# private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/xpra.profile b/etc/xpra.profile index 1033a747129..e4b43570a56 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile @@ -50,5 +50,5 @@ disable-mnt # older Xpra versions also use Xvfb # private-bin bash,cat,dbus-launch,ldconfig,ls,pactl,python*,sh,strace,which,xauth,xkbcomp,Xorg,xpra,Xvfb private-dev -# private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,machine-id,nsswitch.conf,resolv.conf,X11,xpra +#private-etc alternatives,bumblebee,dbus-1,default,drirc,glvnd,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,passwd,xdg,xpra private-tmp diff --git a/etc/xreader.profile b/etc/xreader.profile index 643c5a317d2..b7b7178d7ef 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile @@ -39,7 +39,7 @@ tracelog private-bin xreader,xreader-previewer,xreader-thumbnailer private-dev -private-etc alternatives,fonts,ld.so.cache +private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp memory-deny-write-execute diff --git a/etc/xviewer.profile b/etc/xviewer.profile index b09bf8ab125..48f9ce17351 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile 
@@ -39,6 +39,7 @@ tracelog private-bin xviewer private-dev +#private-etc Trolltech.conf,X11,alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-lib private-tmp diff --git a/etc/xzdec.profile b/etc/xzdec.profile index 93c288d6e46..840bb0f49dd 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile @@ -35,3 +35,4 @@ tracelog x11 none private-dev +#private-etc alternatives,group,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg diff --git a/etc/yelp.profile b/etc/yelp.profile index 41138cd1724..9ebcd66322a 100644 --- a/etc/yelp.profile +++ b/etc/yelp.profile @@ -44,7 +44,7 @@ disable-mnt private-bin yelp private-cache private-dev -private-etc alsa,alternatives,asound.conf,crypto-policies,cups,dconf,drirc,fonts,gcrypt,gtk-3.0,machine-id,openal,os-release,pulse,sgml,xml +private-etc X11,alsa,alternatives,asound.conf,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg private-tmp # read-only ${HOME} breaks some not necesarry featrues, comment it if diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 74c07d96b6a..691153f06b7 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile @@ -8,6 +8,7 @@ include youtube-dl.local include globals.local # breaks when installed under ${HOME} via `pip install --user` (see #2833) +private-etc alternatives,ca-certificates,crypto-policies,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg,youtube-dl,youtube-dl.conf ignore noexec ${HOME} noblacklist ${HOME}/.cache/youtube-dl 
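Review bot: In the first etc/youtube-dl.profile hunk the new `private-etc` line is inserted between the comment ending `(see #2833)` and the `ignore noexec ${HOME}` line that comment explains, so the comment now appears to describe `private-etc`. The second hunk removes the old line from its place between `private-dev` and `private-tmp`. Putting the new list back at that position keeps the comment attached to the right directive and keeps the `private-*` options grouped. etc/zulip.profile and etc/warsow.profile also place the new line directly under `include globals.local`, ahead of the profile's own `ignore` and `noblacklist` lines.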
@@ -56,7 +57,6 @@ tracelog private-bin env,ffmpeg,python*,youtube-dl private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,hostname,hosts,mime.types,pki,resolv.conf,ssl,youtube-dl.conf private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile index 6228ff3bd2a..1c16cfbc31f 100644 --- a/etc/zaproxy.profile +++ b/etc/zaproxy.profile @@ -43,5 +43,6 @@ shell none disable-mnt private-dev +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/zart.profile b/etc/zart.profile index 347bed8b665..5a3078a7939 100644 --- a/etc/zart.profile +++ b/etc/zart.profile @@ -33,4 +33,5 @@ shell none private-bin ffmpeg,ffplay,ffprobe,melt,zart private-dev +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,pulse,xdg diff --git a/etc/zathura.profile b/etc/zathura.profile index 68a5701ee25..ad9c09b17e3 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile @@ -38,7 +38,7 @@ tracelog private-bin zathura private-cache private-dev -private-etc alternatives,fonts,machine-id +private-etc Trolltech.conf,X11,alternatives,bumblebee,dbus-1,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,xdg private-tmp mkdir ${HOME}/.config/zathura diff --git a/etc/zeal.profile b/etc/zeal.profile index f0fa29aa3a7..b7ff963bc55 100644 --- a/etc/zeal.profile +++ b/etc/zeal.profile 
@@ -50,7 +50,7 @@ disable-mnt private-bin zeal private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg +private-etc Trolltech.conf,X11,alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg private-tmp memory-deny-write-execute diff --git a/etc/zoom.profile b/etc/zoom.profile index 6d312aff618..8b169d8ca19 100644 --- a/etc/zoom.profile +++ b/etc/zoom.profile @@ -30,4 +30,5 @@ notv protocol unix,inet,inet6 seccomp +#private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,dconf,drirc,fonts,gconf,glvnd,group,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg private-tmp diff --git a/etc/zstd.profile b/etc/zstd.profile index ea7bbfb0d29..8cb8fa85316 100644 --- a/etc/zstd.profile +++ b/etc/zstd.profile @@ -38,5 +38,6 @@ x11 none private-cache private-dev +#private-etc alternatives,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,mime.types,passwd,xdg memory-deny-write-execute diff --git a/etc/zulip.profile b/etc/zulip.profile index 999c2f77ac7..2db2e280f87 100644 --- a/etc/zulip.profile +++ b/etc/zulip.profile 
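Review bot: In etc/zeal.profile the replaced line was sorted case-insensitively (`host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload`), while the generated one is not (`hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d`). The same fixed order appears in the other generated lines of this patch. Emitting the entries sorted would make a missing or extra entry show up at its expected position, which keeps later hand edits and diffs of these whitelists easy to review.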
@@ -6,6 +6,7 @@ include zulip.local # Persistent global definitions include globals.local +private-etc Trolltech.conf,X11,alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hosts,host.conf,hostname,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,xdg ignore noexec /tmp noblacklist ${HOME}/.config/Zulip @@ -43,5 +44,4 @@ disable-mnt private-bin locale,zulip private-cache private-dev -private-etc asound.conf,fonts,machine-id private-tmp