From 8de8cce7ebf9a5e7e9c1fc00dab21c3f563a60dd Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Mon, 6 Feb 2023 15:57:34 -0300 Subject: [PATCH] Revert "private-etc: big profile changes" This reverts commit 5d0822c52c9a5e631676899e9642911d9143dba8 and later commits that touch the same files (which is necessary in order to revert the commit in question). There seems to be a non-trivial amount of changes done in error in the big refactor from commit 5d0822c52 ("private-etc: big profile changes", 2023-02-05). For example, there are profiles for CLI programs (including man.profile) and servers that now contain the @x11 group: $ git grep -l '^private-etc .*@x11' -- etc # [...] etc/profile-a-l/email-common.profile:private-etc @tls-ca,@x11,gnupg,hosts.conf,mailname,timezone etc/profile-m-z/man.profile:private-etc @x11,groff,man_db.conf,manpath.config,sysless etc/profile-m-z/mutt.profile:private-etc @tls-ca,@x11,Mutt,Muttrc,Muttrc.d,gai.conf,gnupg,gnutls,hosts.conf,mail,mailname,nntpserver,terminfo etc/profile-m-z/neomutt.profile:private-etc @tls-ca,@x11,Mutt,Muttrc,Muttrc.d,gnupg,hosts.conf,mail,mailname,neomuttrc,neomuttrc.d,nntpserver etc/profile-m-z/nextcloud.profile:private-etc @tls-ca,@x11,Nextcloud,host.conf,os-release etc/profile-m-z/nodejs-common.profile:private-etc @tls-ca,@x11,host.conf,mime.types,rpc,services Note: These are just the ones that I immediately noticed; it is possible that there are many that I missed. Part of the issue is that the groups appear to be inconsistent and rather broad. For exmaple, paths related to 3D graphics (vulkan) and audio (openal) are in the @games group, which are not used only by games and not all games use those standards/libraries. As another example, the @x11 group contains paths related to GTK, KDE and GPU hardware acceleration, even though those are not necessarily tied to X11 (and even though hardware acceleration may be used by headless programs). Replacing the known paths with groups that are not very granular results in loss of information about what exactly a profile actually needs and so makes the profiles less self-documenting. Note also that a given path could potentially belong to multiple groups, which would preclude using the "etc-cleanup" tool (in its current form at least), as it would not know which is the correct group to replace the path with. Command used to revert the changes: $ git revert \ 1be9bb3c78b3f129eb2a9fefc07211694c700e4e \ e889db095873197e999c84077fe28c135b49e43c \ e6f2374d557c94616b9b9db0bcebe0bbd5d78d88 \ acb0154ea2a71edf935f7c45cc280b0244937336 \ 740f502aeef509ddec89679d2a9fc24270a8c953 \ 5649bd4568f194eb93eaefb7619d92b57fd27e9c \ 2e4e9d13add71bd0b96246e54e209a29583644b6 \ 0f996ea4de584dc061faf21853d61a600da1a1d8 \ 5d0822c52c9a5e631676899e9642911d9143dba8 Note: This reverts commits from PRs #5641 #5642 #5643, most of which are later re-applied. Relates to #5610. --- .gitignore | 1 - Makefile | 3 +- etc/profile-a-l/1password.profile | 2 +- etc/profile-a-l/abiword.profile | 2 +- etc/profile-a-l/agetpkg.profile | 2 +- etc/profile-a-l/alacarte.profile | 2 +- etc/profile-a-l/alienarena.profile | 2 +- etc/profile-a-l/alpine.profile | 2 +- etc/profile-a-l/anki.profile | 2 +- etc/profile-a-l/apostrophe.profile | 2 +- etc/profile-a-l/aria2c.profile | 2 +- etc/profile-a-l/arm.profile | 2 +- etc/profile-a-l/artha.profile | 2 +- etc/profile-a-l/atool.profile | 2 +- etc/profile-a-l/atril.profile | 2 +- etc/profile-a-l/audio-recorder.profile | 2 +- etc/profile-a-l/authenticator-rs.profile | 2 +- etc/profile-a-l/authenticator.profile | 2 +- etc/profile-a-l/ballbuster.profile | 2 +- etc/profile-a-l/bibletime.profile | 2 +- etc/profile-a-l/bijiben.profile | 2 +- etc/profile-a-l/bitwarden.profile | 2 +- etc/profile-a-l/bless.profile | 2 +- etc/profile-a-l/blobby.profile | 2 +- etc/profile-a-l/blobwars.profile | 2 +- etc/profile-a-l/bsdtar.profile | 2 +- etc/profile-a-l/cameramonitor.profile | 2 +- etc/profile-a-l/cargo.profile | 2 +- etc/profile-a-l/cawbird.profile | 2 +- etc/profile-a-l/celluloid.profile | 2 +- etc/profile-a-l/chatterino.profile | 2 +- etc/profile-a-l/cheese.profile | 2 +- etc/profile-a-l/clawsker.profile | 2 +- etc/profile-a-l/cmus.profile | 2 +- etc/profile-a-l/cointop.profile | 2 +- etc/profile-a-l/colorful.profile | 2 +- .../com.github.bleakgrey.tootle.profile | 2 +- .../com.github.dahenson.agenda.profile | 2 +- .../com.github.johnfactotum.Foliate.profile | 2 +- .../com.github.phase1geo.minder.profile | 2 +- .../com.github.tchx84.Flatseal.profile | 2 +- etc/profile-a-l/coyim.profile | 2 +- etc/profile-a-l/crow.profile | 2 +- etc/profile-a-l/d-feet.profile | 2 +- etc/profile-a-l/dbus-send.profile | 2 +- etc/profile-a-l/dconf-editor.profile | 2 +- etc/profile-a-l/dconf.profile | 2 +- etc/profile-a-l/ddgtk.profile | 2 +- etc/profile-a-l/devhelp.profile | 2 +- etc/profile-a-l/devilspie.profile | 2 +- etc/profile-a-l/dig.profile | 2 +- etc/profile-a-l/discord-common.profile | 2 +- etc/profile-a-l/display.profile | 2 +- etc/profile-a-l/dolphin-emu.profile | 2 +- etc/profile-a-l/drawio.profile | 2 +- etc/profile-a-l/easystroke.profile | 2 +- etc/profile-a-l/electron-mail.profile | 2 +- etc/profile-a-l/electrum.profile | 2 +- etc/profile-a-l/email-common.profile | 2 +- etc/profile-a-l/enchant.profile | 2 +- etc/profile-a-l/eo-common.profile | 2 +- etc/profile-a-l/ephemeral.profile | 2 +- etc/profile-a-l/equalx.profile | 2 +- etc/profile-a-l/evince.profile | 2 +- etc/profile-a-l/exiftool.profile | 2 +- etc/profile-a-l/falkon.profile | 2 +- etc/profile-a-l/fdns.profile | 2 +- etc/profile-a-l/feh-network.inc.profile | 2 +- etc/profile-a-l/feh.profile | 2 +- etc/profile-a-l/ffmpeg.profile | 2 +- etc/profile-a-l/ffplay.profile | 2 +- etc/profile-a-l/file-roller.profile | 2 +- etc/profile-a-l/firefox-common.profile | 4 +- etc/profile-a-l/flameshot.profile | 2 +- etc/profile-a-l/fractal.profile | 2 +- etc/profile-a-l/freemind.profile | 2 +- etc/profile-a-l/freetube.profile | 2 +- etc/profile-a-l/frogatto.profile | 2 +- etc/profile-a-l/gajim.profile | 2 +- etc/profile-a-l/galculator.profile | 2 +- etc/profile-a-l/gallery-dl.profile | 2 +- etc/profile-a-l/gapplication.profile | 2 +- etc/profile-a-l/gcloud.profile | 2 +- etc/profile-a-l/gconf.profile | 2 +- etc/profile-a-l/geary.profile | 2 +- etc/profile-a-l/geekbench.profile | 2 +- etc/profile-a-l/gfeeds.profile | 2 +- etc/profile-a-l/gget.profile | 2 +- etc/profile-a-l/ghostwriter.profile | 2 +- etc/profile-a-l/gimp.profile | 2 +- etc/profile-a-l/gist.profile | 2 +- etc/profile-a-l/git-cola.profile | 2 +- etc/profile-a-l/gitter.profile | 2 +- etc/profile-a-l/gl-117.profile | 2 +- etc/profile-a-l/glaxium.profile | 2 +- etc/profile-a-l/gmpc.profile | 2 +- etc/profile-a-l/gnome-calendar.profile | 2 +- etc/profile-a-l/gnome-characters.profile | 2 +- etc/profile-a-l/gnome-chess.profile | 2 +- etc/profile-a-l/gnome-clocks.profile | 2 +- etc/profile-a-l/gnome-hexgl.profile | 2 +- etc/profile-a-l/gnome-latex.profile | 2 +- etc/profile-a-l/gnome-logs.profile | 2 +- etc/profile-a-l/gnome-maps.profile | 2 +- etc/profile-a-l/gnome-music.profile | 2 +- etc/profile-a-l/gnome-passwordsafe.profile | 2 +- etc/profile-a-l/gnome-pie.profile | 2 +- etc/profile-a-l/gnome-pomodoro.profile | 2 +- etc/profile-a-l/gnome-recipes.profile | 2 +- etc/profile-a-l/gnome-screenshot.profile | 2 +- etc/profile-a-l/gnome-sound-recorder.profile | 2 +- etc/profile-a-l/gnome-system-log.profile | 2 +- etc/profile-a-l/gnome-todo.profile | 2 +- etc/profile-a-l/gnome_games-common.profile | 2 +- etc/profile-a-l/gnote.profile | 2 +- etc/profile-a-l/gnubik.profile | 2 +- etc/profile-a-l/godot.profile | 2 +- etc/profile-a-l/goldendict.profile | 2 +- etc/profile-a-l/googler-common.profile | 2 +- etc/profile-a-l/gpicview.profile | 2 +- etc/profile-a-l/gpredict.profile | 2 +- etc/profile-a-l/gradio.profile | 2 +- ...ravity-beams-and-evaporating-stars.profile | 2 +- etc/profile-a-l/gtk-update-icon-cache.profile | 2 +- etc/profile-a-l/gucharmap.profile | 2 +- etc/profile-a-l/guvcview.profile | 2 +- etc/profile-a-l/gwenview.profile | 2 +- etc/profile-a-l/homebank.profile | 2 +- etc/profile-a-l/host.profile | 2 +- etc/profile-a-l/hyperrogue.profile | 2 +- etc/profile-a-l/i2prouter.profile | 2 +- .../io.github.lainsce.Notejot.profile | 2 +- etc/profile-a-l/ipcalc.profile | 2 +- etc/profile-a-l/jerry.profile | 2 +- etc/profile-a-l/jitsi-meet-desktop.profile | 2 +- etc/profile-a-l/jumpnbump.profile | 2 +- etc/profile-a-l/kalgebra.profile | 2 +- etc/profile-a-l/kazam.profile | 2 +- etc/profile-a-l/kcalc.profile | 2 +- etc/profile-a-l/keepassx.profile | 2 +- etc/profile-a-l/keepassxc.profile | 2 +- etc/profile-a-l/kid3.profile | 2 +- etc/profile-a-l/kiwix-desktop.profile | 2 +- etc/profile-a-l/klavaro.profile | 2 +- etc/profile-a-l/ktouch.profile | 2 +- etc/profile-a-l/kube.profile | 2 +- etc/profile-a-l/kwin_x11.profile | 2 +- etc/profile-a-l/kwrite.profile | 2 +- etc/profile-a-l/lifeograph.profile | 2 +- etc/profile-a-l/links-common.profile | 2 +- etc/profile-a-l/linuxqq.profile | 2 +- etc/profile-a-l/lollypop.profile | 2 +- etc/profile-a-l/lyx.profile | 2 +- etc/profile-m-z/PCSX2.profile | 2 +- etc/profile-m-z/QMediathekView.profile | 2 +- etc/profile-m-z/QOwnNotes.profile | 2 +- etc/profile-m-z/Viber.profile | 2 +- etc/profile-m-z/Xvfb.profile | 2 +- etc/profile-m-z/magicor.profile | 2 +- etc/profile-m-z/man.profile | 2 +- etc/profile-m-z/marker.profile | 2 +- etc/profile-m-z/masterpdfeditor.profile | 2 +- etc/profile-m-z/mate-calc.profile | 2 +- etc/profile-m-z/mate-color-select.profile | 2 +- etc/profile-m-z/mate-dictionary.profile | 2 +- etc/profile-m-z/mattermost-desktop.profile | 2 +- etc/profile-m-z/mcabber.profile | 2 +- etc/profile-m-z/mcomix.profile | 2 +- etc/profile-m-z/mdr.profile | 2 +- etc/profile-m-z/mediainfo.profile | 2 +- etc/profile-m-z/menulibre.profile | 2 +- etc/profile-m-z/mindless.profile | 2 +- etc/profile-m-z/minecraft-launcher.profile | 2 +- etc/profile-m-z/minitube.profile | 2 +- etc/profile-m-z/mirage.profile | 2 +- etc/profile-m-z/mirrormagic.profile | 2 +- etc/profile-m-z/mocp.profile | 2 +- etc/profile-m-z/mp3splt-gtk.profile | 2 +- etc/profile-m-z/mp3splt.profile | 2 +- etc/profile-m-z/mpDris2.profile | 2 +- etc/profile-m-z/mrrescue.profile | 2 +- etc/profile-m-z/ms-office.profile | 2 +- etc/profile-m-z/mupdf-x11-curl.profile | 2 +- etc/profile-m-z/mupdf.profile | 2 +- etc/profile-m-z/musictube.profile | 2 +- etc/profile-m-z/musixmatch.profile | 2 +- etc/profile-m-z/mutt.profile | 2 +- etc/profile-m-z/mypaint.profile | 2 +- etc/profile-m-z/nano.profile | 2 +- etc/profile-m-z/neochat.profile | 2 +- etc/profile-m-z/neomutt.profile | 2 +- etc/profile-m-z/netactview.profile | 2 +- etc/profile-m-z/neverball.profile | 2 +- etc/profile-m-z/newsboat.profile | 2 +- etc/profile-m-z/newsflash.profile | 2 +- etc/profile-m-z/nextcloud.profile | 2 +- etc/profile-m-z/nheko.profile | 2 +- etc/profile-m-z/nitroshare.profile | 2 +- etc/profile-m-z/nodejs-common.profile | 2 +- etc/profile-m-z/nomacs.profile | 2 +- etc/profile-m-z/notify-send.profile | 2 +- etc/profile-m-z/nslookup.profile | 2 +- etc/profile-m-z/nuclear.profile | 2 +- etc/profile-m-z/nyx.profile | 2 +- etc/profile-m-z/ocenaudio.profile | 2 +- etc/profile-m-z/odt2txt.profile | 2 +- etc/profile-m-z/okular.profile | 2 +- etc/profile-m-z/onboard.profile | 2 +- etc/profile-m-z/openarena.profile | 2 +- etc/profile-m-z/openmw.profile | 2 +- etc/profile-m-z/otter-browser.profile | 2 +- etc/profile-m-z/pandoc.profile | 2 +- etc/profile-m-z/parole.profile | 2 +- etc/profile-m-z/pavucontrol.profile | 2 +- etc/profile-m-z/pcsxr.profile | 2 +- etc/profile-m-z/pdfchain.profile | 2 +- etc/profile-m-z/pdftotext.profile | 2 +- etc/profile-m-z/peek.profile | 2 +- etc/profile-m-z/photoflare.profile | 2 +- etc/profile-m-z/pinball.profile | 2 +- etc/profile-m-z/ping.profile | 2 +- etc/profile-m-z/pingus.profile | 2 +- etc/profile-m-z/pkglog.profile | 2 +- etc/profile-m-z/plv.profile | 2 +- etc/profile-m-z/pngquant.profile | 2 +- etc/profile-m-z/ppsspp.profile | 2 +- etc/profile-m-z/pragha.profile | 2 +- etc/profile-m-z/profanity.profile | 2 +- etc/profile-m-z/psi.profile | 2 +- etc/profile-m-z/pybitmessage.profile | 2 +- etc/profile-m-z/qcomicbook.profile | 2 +- etc/profile-m-z/qgis.profile | 2 +- etc/profile-m-z/qnapi.profile | 2 +- etc/profile-m-z/qrencode.profile | 2 +- etc/profile-m-z/qtox.profile | 2 +- etc/profile-m-z/quaternion.profile | 2 +- etc/profile-m-z/quodlibet.profile | 2 +- etc/profile-m-z/qutebrowser.profile | 2 +- etc/profile-m-z/raincat.profile | 2 +- etc/profile-m-z/rednotebook.profile | 2 +- etc/profile-m-z/regextester.profile | 2 +- etc/profile-m-z/rsync-download_only.profile | 2 +- etc/profile-m-z/rtv.profile | 2 +- etc/profile-m-z/scorchwentbonkers.profile | 2 +- etc/profile-m-z/seafile-applet.profile | 2 +- etc/profile-m-z/seahorse-adventures.profile | 2 +- etc/profile-m-z/seahorse.profile | 2 +- etc/profile-m-z/shortwave.profile | 2 +- etc/profile-m-z/shotwell.profile | 2 +- etc/profile-m-z/signal-cli.profile | 2 +- etc/profile-m-z/signal-desktop.profile | 2 +- etc/profile-m-z/slack.profile | 2 +- etc/profile-m-z/smuxi-frontend-gnome.profile | 2 +- etc/profile-m-z/softmaker-common.profile | 2 +- etc/profile-m-z/spectacle.profile | 2 +- etc/profile-m-z/spectral.profile | 2 +- etc/profile-m-z/spotify.profile | 2 +- etc/profile-m-z/sqlitebrowser.profile | 2 +- etc/profile-m-z/standardnotes-desktop.profile | 2 +- etc/profile-m-z/steam.profile | 2 +- etc/profile-m-z/strawberry.profile | 2 +- etc/profile-m-z/subdownloader.profile | 2 +- etc/profile-m-z/supertux2.profile | 2 +- etc/profile-m-z/supertuxkart.profile | 2 +- etc/profile-m-z/surf.profile | 2 +- etc/profile-m-z/sysprof.profile | 2 +- etc/profile-m-z/tar.profile | 2 +- etc/profile-m-z/teams-for-linux.profile | 2 +- etc/profile-m-z/telegram.profile | 2 +- etc/profile-m-z/terasology.profile | 2 +- etc/profile-m-z/tesseract.profile | 2 +- etc/profile-m-z/tilp.profile | 2 +- etc/profile-m-z/tin.profile | 2 +- etc/profile-m-z/tor.profile | 2 +- etc/profile-m-z/torbrowser-launcher.profile | 2 +- etc/profile-m-z/transgui.profile | 2 +- etc/profile-m-z/transmission-cli.profile | 2 +- etc/profile-m-z/transmission-daemon.profile | 2 +- .../transmission-remote-gtk.profile | 2 +- etc/profile-m-z/transmission-remote.profile | 2 +- etc/profile-m-z/transmission-show.profile | 2 +- etc/profile-m-z/trojita.profile | 2 +- etc/profile-m-z/tutanota-desktop.profile | 2 +- etc/profile-m-z/twitch.profile | 2 +- etc/profile-m-z/udiskie.profile | 2 +- etc/profile-m-z/unf.profile | 2 +- etc/profile-m-z/unrar.profile | 2 +- etc/profile-m-z/unzip.profile | 2 +- etc/profile-m-z/utox.profile | 2 +- etc/profile-m-z/uudeview.profile | 2 +- etc/profile-m-z/viewnior.profile | 2 +- etc/profile-m-z/virtualbox.profile | 2 +- etc/profile-m-z/vmware-view.profile | 2 +- etc/profile-m-z/vmware.profile | 2 +- etc/profile-m-z/w3m.profile | 2 +- etc/profile-m-z/warmux.profile | 2 +- etc/profile-m-z/whalebird.profile | 2 +- etc/profile-m-z/whois.profile | 2 +- etc/profile-m-z/wire-desktop.profile | 2 +- etc/profile-m-z/wordwarvi.profile | 2 +- etc/profile-m-z/xbill.profile | 2 +- etc/profile-m-z/xfce4-mixer.profile | 2 +- etc/profile-m-z/xfce4-screenshooter.profile | 2 +- etc/profile-m-z/xiphos.profile | 2 +- etc/profile-m-z/xlinks.profile | 2 +- etc/profile-m-z/xlinks2.profile | 2 +- etc/profile-m-z/xmr-stak.profile | 2 +- etc/profile-m-z/xonotic.profile | 2 +- etc/profile-m-z/xournal.profile | 2 +- etc/profile-m-z/xournalpp.profile | 2 +- etc/profile-m-z/xreader.profile | 2 +- etc/profile-m-z/yelp.profile | 2 +- etc/profile-m-z/youtube-dl-gui.profile | 2 +- etc/profile-m-z/youtube-dl.profile | 2 +- .../youtube-viewers-common.profile | 2 +- etc/profile-m-z/youtube.profile | 2 +- .../youtubemusic-nativefier.profile | 2 +- etc/profile-m-z/yt-dlp.profile | 2 +- etc/profile-m-z/ytmdesktop.profile | 2 +- etc/profile-m-z/zathura.profile | 2 +- etc/profile-m-z/zeal.profile | 2 +- etc/profile-m-z/zim.profile | 2 +- etc/profile-m-z/zulip.profile | 2 +- src/etc-cleanup/Makefile | 9 -- src/include/etc_groups.h | 4 - .../main.c => tools/cleanup_etc.c} | 118 +++++++----------- 326 files changed, 371 insertions(+), 408 deletions(-) delete mode 100644 src/etc-cleanup/Makefile rename src/{etc-cleanup/main.c => tools/cleanup_etc.c} (65%) diff --git a/.gitignore b/.gitignore index aae7b817d45..db3b16893d5 100644 --- a/.gitignore +++ b/.gitignore @@ -47,7 +47,6 @@ src/fcopy/fcopy src/fldd/fldd src/fbuilder/fbuilder src/profstats/profstats -src/etc-cleanup/etc-cleanup src/bash_completion/firejail.bash_completion src/zsh_completion/_firejail src/jailcheck/jailcheck diff --git a/Makefile b/Makefile index 010f7f0aab9..0d93747afb2 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ endif COMPLETIONDIRS = src/zsh_completion src/bash_completion -APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck src/etc-cleanup/etc-cleanup +APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck SBOX_APPS = src/fbuilder/fbuilder src/ftee/ftee src/fids/fids SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter src/fzenity/fzenity SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp @@ -200,7 +200,6 @@ endif install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats - install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/etc-cleanup/etc-cleanup # plugins w/o read permission (non-dumpable) install -m 0711 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS_NON_DUMPABLE) install -m 0711 -t $(DESTDIR)$(libdir)/firejail src/fshaper/fshaper.sh diff --git a/etc/profile-a-l/1password.profile b/etc/profile-a-l/1password.profile index b340ad22887..bc8bfae0d2a 100644 --- a/etc/profile-a-l/1password.profile +++ b/etc/profile-a-l/1password.profile @@ -11,7 +11,7 @@ noblacklist ${HOME}/.config/1Password mkdir ${HOME}/.config/1Password whitelist ${HOME}/.config/1Password -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl # Needed for keychain things, talking to Firefox, possibly other things? Not sure how to narrow down ignore dbus-user none diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index a0eed24ca7c..eb7a5254f9c 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile @@ -41,7 +41,7 @@ tracelog private-bin abiword private-cache private-dev -private-etc @x11 +private-etc alternatives,fonts,gtk-3.0,ld.so.cache,ld.so.preload,passwd private-tmp # dbus-user none diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index 7a36302f14d..96c56d85d2c 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile @@ -49,7 +49,7 @@ tracelog private-bin agetpkg,python3 private-cache private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index 22a303cdd54..9612ffdd2da 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile @@ -52,7 +52,7 @@ disable-mnt # private-bin alacarte,bash,python*,sh private-cache private-dev -private-etc @tls-ca,@x11,mime.types +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,locale.alias,locale.conf,login.defs,mime.types,nsswitch.conf,passwd,pki,X11,xdg private-tmp dbus-user none diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile index 9f9bd975a7c..0f7407f05e3 100644 --- a/etc/profile-a-l/alienarena.profile +++ b/etc/profile-a-l/alienarena.profile @@ -43,7 +43,7 @@ disable-mnt private-bin alienarena private-cache private-dev -private-etc @tls-ca,@x11,bumblebee,glvnd,host.conf,rpc,services +private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11 private-tmp dbus-user none diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile index 5ccb9896f04..4e994c025e7 100644 --- a/etc/profile-a-l/alpine.profile +++ b/etc/profile-a-l/alpine.profile @@ -90,7 +90,7 @@ disable-mnt private-bin alpine private-cache private-dev -private-etc @tls-ca,@x11,c-client.cf,host.conf,krb5.keytab,mailcap,mime.types,pine.conf,pinerc.fixed,rpc,services,terminfo +private-etc alternatives,c-client.cf,ca-certificates,crypto-policies,host.conf,hostname,hosts,krb5.keytab,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,passwd,pine.conf,pinerc.fixed,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg private-tmp writable-run-user writable-var diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index 2d0bfcb6ceb..466f60bdaf0 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile @@ -49,7 +49,7 @@ disable-mnt private-bin anki,python* private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl,Trolltech.conf private-tmp dbus-user none diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile index 4ad6ac6bc33..dab91fe7d59 100644 --- a/etc/profile-a-l/apostrophe.profile +++ b/etc/profile-a-l/apostrophe.profile @@ -62,7 +62,7 @@ disable-mnt private-bin apostrophe,fmtutil,kpsewhich,mktexfmt,pandoc,pdftex,perl,python3*,sh,xdvipdfmx,xelatex,xetex private-cache private-dev -private-etc @x11,texlive +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,texlive,X11 private-tmp dbus-user filter diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index 7f9463c4f67..17eb2451c59 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile @@ -45,7 +45,7 @@ private-bin aria2c,gzip # Add 'private-cache' to your aria2c.local if you don't use Lutris/winetricks (see issue #2772). #private-cache private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,groups,ld.so.cache,ld.so.preload,login.defs,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl private-lib libreadline.so.* private-tmp diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index 1c2fbcccced..ed0629c9b4a 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile @@ -42,7 +42,7 @@ tracelog disable-mnt private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor private-dev -private-etc @tls-ca,tor +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,resolv.conf,ssl,tor private-tmp restrict-namespaces diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index 8971408577c..b1347b0d9c1 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile @@ -54,7 +54,7 @@ disable-mnt private-bin artha,enchant,notify-send private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id private-lib libnotify.so.* private-tmp diff --git a/etc/profile-a-l/atool.profile b/etc/profile-a-l/atool.profile index 672286087fa..b2bc17c67ae 100644 --- a/etc/profile-a-l/atool.profile +++ b/etc/profile-a-l/atool.profile @@ -13,7 +13,7 @@ include allow-perl.inc noroot # without login.defs atool complains and uses UID/GID 1000 by default -private-etc +private-etc alternatives,group,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf private-tmp # Redirect diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile index d0513d2a757..f24aff1083a 100644 --- a/etc/profile-a-l/atril.profile +++ b/etc/profile-a-l/atril.profile @@ -41,7 +41,7 @@ tracelog private-bin 7z,7za,7zr,atril,atril-previewer,atril-thumbnailer,sh,tar,unrar,unzip,zipnote private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload # atril uses webkit gtk to display epub files # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0 #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile index deba11a47fb..74dba7411b3 100644 --- a/etc/profile-a-l/audio-recorder.profile +++ b/etc/profile-a-l/audio-recorder.profile @@ -43,7 +43,7 @@ tracelog disable-mnt # private-bin audio-recorder private-cache -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload private-tmp dbus-user filter diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 215f22fd056..73a2e1806d0 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile @@ -46,7 +46,7 @@ disable-mnt private-bin authenticator-rs private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl,xdg private-tmp dbus-user filter diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile index 96c70a8389f..02c1d8768d9 100644 --- a/etc/profile-a-l/authenticator.profile +++ b/etc/profile-a-l/authenticator.profile @@ -38,7 +38,7 @@ seccomp disable-mnt # private-bin authenticator,python* private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl private-tmp # makes settings immutable diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile index 9ca94710651..b60b5715cd8 100644 --- a/etc/profile-a-l/ballbuster.profile +++ b/etc/profile-a-l/ballbuster.profile @@ -44,7 +44,7 @@ disable-mnt private-bin ballbuster private-cache private-dev -private-etc +private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse private-tmp dbus-user none diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index 3fb2a82c333..85a1a58c751 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile @@ -51,7 +51,7 @@ disable-mnt # private-bin bibletime private-cache private-dev -private-etc @tls-ca,sword,sword.conf +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf private-tmp dbus-user none diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index 53d212e340e..b6b52601eba 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile @@ -50,7 +50,7 @@ disable-mnt private-bin bijiben # private-cache -- access to .cache/tracker is required private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload private-tmp dbus-user filter diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile index ba30c365483..f8114c71b65 100644 --- a/etc/profile-a-l/bitwarden.profile +++ b/etc/profile-a-l/bitwarden.profile @@ -23,7 +23,7 @@ no3d nosound ?HAS_APPIMAGE: ignore private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl private-opt Bitwarden # Redirect diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index 6dd54094368..9badb43578d 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile @@ -34,7 +34,7 @@ seccomp # private-bin bash,bless,mono,sh private-cache private-dev -private-etc mono +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,mono private-tmp dbus-user none diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index dccdae924c0..6e7a87e5f3c 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile @@ -40,7 +40,7 @@ tracelog disable-mnt private-bin blobby private-dev -private-etc @x11 +private-etc alsa,alternatives,asound.conf,drirc,group,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pulse private-lib private-tmp diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index fc0a769455e..e6926ee297f 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile @@ -42,7 +42,7 @@ disable-mnt private-bin blobwars private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-a-l/bsdtar.profile b/etc/profile-a-l/bsdtar.profile index c5c2e33ebd1..fbc7c9056ef 100644 --- a/etc/profile-a-l/bsdtar.profile +++ b/etc/profile-a-l/bsdtar.profile @@ -6,7 +6,7 @@ include bsdtar.local # Persistent global definitions include globals.local -private-etc +private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd # Redirect include archiver-common.profile diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index df94ac859ac..b2248ad06a9 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile @@ -45,7 +45,7 @@ tracelog disable-mnt private-bin cameramonitor,python* private-cache -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp # dbus-user none diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile index a0fe8ddf175..4c8afd8950e 100644 --- a/etc/profile-a-l/cargo.profile +++ b/etc/profile-a-l/cargo.profile @@ -16,7 +16,7 @@ noblacklist ${HOME}/.cargo/credentials.toml #whitelist ${HOME}/.rustup #private-bin cargo,rustc -private-etc @tls-ca,host.conf,magic,magic.mgc,rpc,services +private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,magic,magic.mgc,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl memory-deny-write-execute diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index 17887b6cc9d..e4e32b26520 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile @@ -38,7 +38,7 @@ disable-mnt private-bin cawbird private-cache private-dev -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,resolv.conf,ssl,X11,xdg private-tmp # dbus-user none diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index 7b0f7bdf0df..0c4335e8fd3 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile @@ -52,7 +52,7 @@ tracelog private-bin celluloid,env,gnome-mpv,python*,youtube-dl private-cache -private-etc @tls-ca,@x11,libva.conf,pkcs11 +private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg private-dev private-tmp diff --git a/etc/profile-a-l/chatterino.profile b/etc/profile-a-l/chatterino.profile index 2df03b10b82..4dfd85740cb 100644 --- a/etc/profile-a-l/chatterino.profile +++ b/etc/profile-a-l/chatterino.profile @@ -70,7 +70,7 @@ private-bin chatterino,cvlc,env,ffmpeg,mpv,nvlc,pgrep,python*,qvlc,rvlc,streamli # private-cache may cause issues with mpv (see #2838) private-cache private-dev -private-etc @tls-ca,@x11,dbus-1,rpc,services +private-etc alsa,alternatives,asound.conf,ca-certificates,dbus-1,fonts,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nvidia,passwd,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11 private-srv none private-tmp diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index 93d9c9a8bee..8aed77c04d1 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile @@ -51,7 +51,7 @@ disable-mnt private-bin cheese private-cache private-dev -private-etc @x11,clutter-1.0 +private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0,ld.so.cache,ld.so.preload private-tmp dbus-user filter diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index 3b8eb7bbd79..4f4e8e7bf7c 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile @@ -43,7 +43,7 @@ disable-mnt private-bin bash,clawsker,perl,sh,which private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-3.so.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl* private-tmp diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index cc7a436091e..ad6332f78cd 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile @@ -26,6 +26,6 @@ protocol unix,inet,inet6 seccomp private-bin cmus -private-etc @tls-ca +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl restrict-namespaces diff --git a/etc/profile-a-l/cointop.profile b/etc/profile-a-l/cointop.profile index aa053e2f750..c341c4ea236 100644 --- a/etc/profile-a-l/cointop.profile +++ b/etc/profile-a-l/cointop.profile @@ -52,7 +52,7 @@ disable-mnt private-bin cointop private-cache private-dev -private-etc @tls-ca,host.conf,rpc,services +private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl private-lib private-tmp diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile index 50f8f67f3d0..442d50259c3 100644 --- a/etc/profile-a-l/colorful.profile +++ b/etc/profile-a-l/colorful.profile @@ -44,7 +44,7 @@ disable-mnt private-bin colorful private-cache private-dev -private-etc +private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse private-tmp dbus-user none diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index 8b7d2317cd6..990b6bc5ade 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile @@ -44,7 +44,7 @@ disable-mnt private-bin com.github.bleakgrey.tootle private-cache private-dev -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg private-tmp # Settings are immutable diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index ab389d3ee87..5f2a1c3e69a 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile @@ -51,7 +51,7 @@ disable-mnt private-bin com.github.dahenson.agenda private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload private-tmp dbus-user filter diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index f4533b53718..21f37494b36 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile @@ -54,7 +54,7 @@ disable-mnt private-bin com.github.johnfactotum.Foliate,gjs private-cache private-dev -private-etc @x11,gconf +private-etc alternatives,dconf,fonts,gconf,gtk-3.0,ld.so.cache,ld.so.preload private-tmp read-only ${HOME} diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile index 22a64cb3510..07a6a68135b 100644 --- a/etc/profile-a-l/com.github.phase1geo.minder.profile +++ b/etc/profile-a-l/com.github.phase1geo.minder.profile @@ -51,7 +51,7 @@ disable-mnt private-bin com.github.phase1geo.minder private-cache private-dev -private-etc @x11,mime.types +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,X11,xdg private-tmp dbus-user filter diff --git a/etc/profile-a-l/com.github.tchx84.Flatseal.profile b/etc/profile-a-l/com.github.tchx84.Flatseal.profile index eee98ba8df2..fd4494e92bd 100644 --- a/etc/profile-a-l/com.github.tchx84.Flatseal.profile +++ b/etc/profile-a-l/com.github.tchx84.Flatseal.profile @@ -51,7 +51,7 @@ disable-mnt private-bin com.github.tchx84.Flatseal,gjs private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload private-tmp dbus-user filter diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 21b576fb7da..793de8ab475 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile @@ -39,7 +39,7 @@ tracelog disable-mnt private-cache private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,ssl private-tmp dbus-user none diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index 601daacfa33..842191f3fb1 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile @@ -38,7 +38,7 @@ seccomp disable-mnt private-bin crow private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl private-opt none private-tmp private-srv none diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index 7dd5ca2602d..63d89ec360b 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile @@ -49,7 +49,7 @@ disable-mnt private-bin d-feet,python* private-cache private-dev -private-etc dbus-1 +private-etc alternatives,dbus-1,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index 80790bb0c42..b259c7e9322 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile @@ -50,7 +50,7 @@ private private-bin dbus-send private-cache private-dev -private-etc dbus-1 +private-etc alternatives,dbus-1,ld.so.cache,ld.so.preload private-lib libpcre* private-tmp diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index e2e2492bc85..876e637b270 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile @@ -42,7 +42,7 @@ disable-mnt private-bin dconf-editor private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id private-lib private-tmp diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index 2b2ada742c9..5136445da60 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile @@ -45,7 +45,7 @@ disable-mnt private-bin dconf,gsettings private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,ld.so.cache,ld.so.preload private-lib private-tmp diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index 9811c90d679..8ea5d178e68 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile @@ -44,7 +44,7 @@ tracelog disable-mnt private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr private-cache -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile index 066cdc8b0ba..ef31fc3eb1b 100644 --- a/etc/profile-a-l/devhelp.profile +++ b/etc/profile-a-l/devhelp.profile @@ -41,7 +41,7 @@ disable-mnt private-bin devhelp private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,ssl private-tmp # makes settings immutable diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 4461c2a8225..0579547affe 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile @@ -47,7 +47,7 @@ disable-mnt private-bin devilspie private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-lib gconv private-tmp diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index 7c0fee9c3cf..3ee58147abb 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile @@ -48,7 +48,7 @@ tracelog disable-mnt private-bin bash,dig,sh private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf # Add the next line to your dig.local on non Debian/Ubuntu OS (see issue #3038). #private-lib private-tmp diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile index c5317012650..bf49c8d48d8 100644 --- a/etc/profile-a-l/discord-common.profile +++ b/etc/profile-a-l/discord-common.profile @@ -24,7 +24,7 @@ whitelist ${HOME}/.config/BetterDiscord whitelist ${HOME}/.local/share/betterdiscordctl private-bin awk,bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],fish,grep,head,sed,sh,tclsh,tr,which,xdg-mime,xdg-open,zsh -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl join-or-start discord diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index bf77828beb7..15f6e441d31 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile @@ -39,7 +39,7 @@ seccomp private-bin display,python* private-dev # On Debian-based systems, display is a symlink in /etc/alternatives -private-etc ImageMagick-6,ImageMagick-7 +private-etc alternatives,ImageMagick-6,ImageMagick-7,ld.so.cache,ld.so.preload private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libgomp.so.*,ImageMagick*,libfreetype.so.*,libltdl.so.*,libMagickWand-*.so.*,libXext.so.* private-tmp diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index 9743ebfbd4b..acaf2e0212e 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile @@ -54,7 +54,7 @@ private-bin bash,dolphin-emu,dolphin-emu-x11,sh private-cache # Add the next line to your dolphin-emu.local if you do not need controller support. #private-dev -private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services +private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg private-opt none private-tmp diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index 79366b8ee52..9d9fa291b1c 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile @@ -44,7 +44,7 @@ seccomp !chroot private-bin drawio private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index 40fd8be7c03..920eb7697b1 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile @@ -44,7 +44,7 @@ disable-mnt #private-bin bash,easystroke,sh private-cache private-dev -private-etc +private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,passwd # breaks custom shell command functionality #private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* private-tmp diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile index 4872223f116..d0d0f2168b2 100644 --- a/etc/profile-a-l/electron-mail.profile +++ b/etc/profile-a-l/electron-mail.profile @@ -29,7 +29,7 @@ read-only ${HOME}/.mozilla/firefox/profiles.ini machine-id nosound -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl private-opt ElectronMail dbus-user filter diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index 48ce0aa22f4..78a996f7102 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile @@ -46,7 +46,7 @@ private-bin electrum,python* private-cache ?HAS_APPIMAGE: ignore private-dev private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl private-tmp # dbus-user none diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 86442d44128..0d5d18fe26d 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile @@ -69,7 +69,7 @@ tracelog # disable-mnt private-cache private-dev -private-etc @tls-ca,@x11,gnupg,hosts.conf,mailname,timezone +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,localtime,machine-id,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,timezone,xdg private-tmp # encrypting and signing email writable-run-user diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index 051c75fc1f8..37a6c088b68 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile @@ -47,7 +47,7 @@ x11 none private-bin enchant,enchant-* private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-lib private-tmp diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index c487a5add4a..83abb551efd 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile @@ -46,7 +46,7 @@ tracelog private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* private-tmp diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile index 8b32d08b137..adda53660e8 100644 --- a/etc/profile-a-l/ephemeral.profile +++ b/etc/profile-a-l/ephemeral.profile @@ -55,7 +55,7 @@ disable-mnt private-cache ?BROWSER_DISABLE_U2F: private-dev # private-etc below works fine on most distributions. There are some problems on CentOS. -#private-etc @tls-ca,@x11,mailcap,mime.types,os-release +#private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,localtime,login.defs,machine-id,mailcap,mime.types,nsswitch.conf,os-release,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-tmp # breaks preferences diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index 8cbdccbb564..2fe0a4af4a4 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile @@ -53,7 +53,7 @@ disable-mnt private-bin equalx,gs,pdflatex,pdftocairo private-cache private-dev -private-etc @x11,equalx,equalx.conf,latexmk.conf,papersize,texlive +private-etc alternatives,equalx,equalx.conf,fonts,gtk-2.0,latexmk.conf,ld.so.cache,ld.so.preload,machine-id,papersize,passwd,texlive,Trolltech.conf private-tmp dbus-user none diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index 75a3958ad01..95115d48499 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile @@ -54,7 +54,7 @@ tracelog private-bin evince,evince-previewer,evince-thumbnailer,sh private-cache private-dev -private-etc +private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd # private-lib might break two-page-view on some systems private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* private-tmp diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index a8be4828f61..45331487c56 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile @@ -47,7 +47,7 @@ x11 none #private-bin exiftool,perl private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index d805766eb1d..2daf1ff1589 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile @@ -47,7 +47,7 @@ disable-mnt # private-bin falkon private-cache private-dev -private-etc @tls-ca,@x11,adobe,mailcap,mime.types +private-etc adobe,alternatives,asound.conf,ati,ca-certificates,crypto-policies,dconf,drirc,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg private-tmp # dbus-user filter diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index 77e16a56b0f..248cb5b4950 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile @@ -42,7 +42,7 @@ private private-bin bash,fdns,sh private-cache #private-dev -private-etc @tls-ca,fdns +private-etc alternatives,ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl # private-lib private-tmp diff --git a/etc/profile-a-l/feh-network.inc.profile b/etc/profile-a-l/feh-network.inc.profile index 4b45cd19817..7293e89a8dd 100644 --- a/etc/profile-a-l/feh-network.inc.profile +++ b/etc/profile-a-l/feh-network.inc.profile @@ -5,4 +5,4 @@ include feh-network.inc.local ignore net none netfilter protocol unix,inet,inet6 -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile index 82b3f76453d..be5ab8627a1 100644 --- a/etc/profile-a-l/feh.profile +++ b/etc/profile-a-l/feh.profile @@ -35,7 +35,7 @@ seccomp private-bin feh,jpegexiforient,jpegtran private-cache private-dev -private-etc feh +private-etc alternatives,feh,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile index b7d54f05d7d..160f26f7841 100644 --- a/etc/profile-a-l/ffmpeg.profile +++ b/etc/profile-a-l/ffmpeg.profile @@ -47,7 +47,7 @@ tracelog private-bin ffmpeg private-cache private-dev -private-etc @tls-ca,pkcs11 +private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,nsswitch.conf,pkcs11,pki,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-a-l/ffplay.profile b/etc/profile-a-l/ffplay.profile index 5cffd4980f1..52abb99d4f7 100644 --- a/etc/profile-a-l/ffplay.profile +++ b/etc/profile-a-l/ffplay.profile @@ -14,7 +14,7 @@ ignore nogroups ignore nosound private-bin ffplay -private-etc +private-etc alsa,alternatives,asound.conf,group,ld.so.cache,ld.so.preload # Redirect include ffmpeg.profile diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index 4f39bec55e4..ef4e0e117f9 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile @@ -42,7 +42,7 @@ tracelog private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg # private-tmp dbus-system none diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 42d12c5d9e3..57c9b5dfb85 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile @@ -57,7 +57,9 @@ seccomp !chroot disable-mnt ?BROWSER_DISABLE_U2F: private-dev -# private-etc below works fine on most distributions. There could be some problems on CentOS. +# private-etc below works fine on most distributions. There are some problems on CentOS. +# Add it to your firefox-common.local if you want to enable it. +#private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-etc @tls-ca,@x11,mailcap,mime.types,os-release private-tmp diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index 3f4432857b6..0984055a3df 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile @@ -51,7 +51,7 @@ tracelog disable-mnt private-bin flameshot private-cache -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.preload,machine-id,pki,resolv.conf,ssl private-dev #private-tmp diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index fe0bc8756a6..a614d7d9f2f 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile @@ -46,7 +46,7 @@ disable-mnt private-bin fractal private-cache private-dev -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-tmp dbus-user filter diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index 9bf5a14be87..ae5843f7fac 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile @@ -43,7 +43,7 @@ disable-mnt private-bin bash,cp,dirname,dpkg,echo,freemind,grep,java,lsb_release,mkdir,readlink,rpm,sed,sh,uname,which private-cache private-dev -#private-etc alternatives,fonts,java* +#private-etc alternatives,fonts,java private-tmp private-opt none private-srv none diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index bdc5fa55786..bcde18b362b 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile @@ -18,7 +18,7 @@ mkdir ${HOME}/.config/FreeTube whitelist ${HOME}/.config/FreeTube private-bin electron,electron[0-9],electron[0-9][0-9],freetube,sh -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg dbus-user filter dbus-user.own org.mpris.MediaPlayer2.chromium.* diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index d9ee054ab0f..067fe3caa87 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile @@ -44,7 +44,7 @@ disable-mnt private-bin frogatto,sh private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index ed7b32f6e9c..d4d578dd43c 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile @@ -58,7 +58,7 @@ disable-mnt private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python*,sh,zsh private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,xdg private-tmp writable-run-user diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 96ded592d5a..0fba8ac07c7 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile @@ -42,7 +42,7 @@ tracelog private-bin galculator private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-lib private-tmp diff --git a/etc/profile-a-l/gallery-dl.profile b/etc/profile-a-l/gallery-dl.profile index 9c8200dc4ec..2947873ef07 100644 --- a/etc/profile-a-l/gallery-dl.profile +++ b/etc/profile-a-l/gallery-dl.profile @@ -12,7 +12,7 @@ noblacklist ${HOME}/.config/gallery-dl noblacklist ${HOME}/.gallery-dl.conf private-bin gallery-dl -private-etc gallery-dl.conf +private-etc alternatives,gallery-dl.conf,ld.so.cache,ld.so.preload # Redirect include youtube-dl.profile diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index baf8f614e77..106e0eda672 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile @@ -48,7 +48,7 @@ private private-bin gapplication private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-tmp # Add the next line to your gapplication.local to filter D-Bus names. diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index ad37312a873..313b34a5359 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile @@ -35,7 +35,7 @@ tracelog disable-mnt private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index ead78d98384..5b434342b52 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile @@ -53,7 +53,7 @@ disable-mnt private-bin gconf-editor,gconf-merge-*,gconfpkg,gconftool-2,gsettings-*-convert,python2* private-cache private-dev -private-etc gconf +private-etc alternatives,fonts,gconf,ld.so.cache,ld.so.preload private-lib GConf,libpython*,python2* private-tmp diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index a19a20ba72c..6aaf1ab050f 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile @@ -75,7 +75,7 @@ tracelog #private-bin geary,sh private-cache private-dev -private-etc @tls-ca,@x11,mailcap,mime.types +private-etc alternatives,ca-certificates,crypto-policies,fonts,group,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mailcap,mime.types,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg private-tmp dbus-user filter diff --git a/etc/profile-a-l/geekbench.profile b/etc/profile-a-l/geekbench.profile index 3a929774a5a..cda47a7e905 100644 --- a/etc/profile-a-l/geekbench.profile +++ b/etc/profile-a-l/geekbench.profile @@ -47,7 +47,7 @@ disable-mnt #private-bin bash,geekbench*,sh -- #4576 private-cache private-dev -private-etc lsb-release +private-etc alternatives,group,ld.so.cache,ld.so.preload,lsb-release,passwd private-tmp dbus-user none diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index 1c97ad21c99..d3d49433b22 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile @@ -60,7 +60,7 @@ disable-mnt private-bin gfeeds,python3* # private-cache -- feeds are stored in ~/.cache private-dev -private-etc @tls-ca,@x11,dbus-1,gconf,host.conf,mime.types,rpc,services +private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg private-tmp dbus-user filter diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index 11d5f620ccb..02c4f950941 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile @@ -48,7 +48,7 @@ disable-mnt private-bin gget private-cache private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl private-lib private-tmp diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index dabf0dd7fc2..9c719ddb14f 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile @@ -51,7 +51,7 @@ private-bin context,gettext,ghostwriter,latex,mktexfmt,pandoc,pdflatex,pdfroff,p private-cache private-dev # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed -private-etc @tls-ca,@x11,dbus-1,firejail,gconf,host.conf,mime.types,rpc,services,texlive +private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,texlive,Trolltech.conf,X11,xdg private-tmp dbus-user filter diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index 717519112e5..f29929a724f 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile @@ -59,7 +59,7 @@ seccomp !mbind tracelog private-dev -private-etc @tls-ca,@x11,python* +private-etc @x11,gcrypt,python* private-tmp dbus-user none diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index 6eea076f750..d315619b779 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile @@ -51,7 +51,7 @@ tracelog disable-mnt private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 49568ba238d..2f7068d6835 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile @@ -69,7 +69,7 @@ tracelog private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed private-cache private-dev -private-etc @tls-ca,@x11,gitconfig,host.conf,mime.types,ssh +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg private-tmp writable-run-user diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index e3cf87c8757..0f9ed95920c 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile @@ -36,7 +36,7 @@ seccomp disable-mnt private-bin bash,env,gitter -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,pulse,resolv.conf,ssl private-opt Gitter private-dev private-tmp diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile index fbfbdd20425..92ba7011349 100644 --- a/etc/profile-a-l/gl-117.profile +++ b/etc/profile-a-l/gl-117.profile @@ -43,7 +43,7 @@ disable-mnt private-bin gl-117 private-cache private-dev -private-etc @x11,bumblebee,glvnd +private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse private-tmp dbus-user none diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile index 5aa69f7145e..d61b566d85a 100644 --- a/etc/profile-a-l/glaxium.profile +++ b/etc/profile-a-l/glaxium.profile @@ -43,7 +43,7 @@ disable-mnt private-bin glaxium private-cache private-dev -private-etc @x11,bumblebee,glvnd +private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse private-tmp dbus-user none diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index f3e04500083..b337dc4d55c 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile @@ -43,7 +43,7 @@ tracelog disable-mnt #private-bin gmpc private-cache -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf private-tmp writable-run-user diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index 70a302138a7..b0d3f1d3464 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile @@ -44,7 +44,7 @@ private private-bin gnome-calendar private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl private-tmp dbus-user filter diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile index 9e9730e53db..2e11f335b79 100644 --- a/etc/profile-a-l/gnome-characters.profile +++ b/etc/profile-a-l/gnome-characters.profile @@ -48,7 +48,7 @@ disable-mnt private-bin gjs,gnome-characters private-cache private-dev -private-etc @x11,gconf,mime.types +private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,X11,xdg private-tmp # Add the next lines to your gnome-characters.local if you don't need access to recently used chars. diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index 9f5174b9edb..78bd54b642b 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile @@ -49,7 +49,7 @@ disable-mnt private-bin fairymax,gnome-chess,gnuchess,hoichess private-cache private-dev -private-etc @x11,gnome-chess +private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0,ld.so.cache,ld.so.preload private-tmp restrict-namespaces diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index f290b26deec..5563afcbd15 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile @@ -41,7 +41,7 @@ disable-mnt private-bin gnome-clocks,gsound-play private-cache private-dev -private-etc @tls-ca,@x11,pkcs11 +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pkcs11,pki,resolv.conf,ssl private-tmp restrict-namespaces diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index 4f436202c89..f0493c645f5 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile @@ -41,7 +41,7 @@ private private-bin gnome-hexgl private-cache private-dev -private-etc +private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse private-tmp dbus-user none diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index b15439aeeef..43e0a1ec18d 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile @@ -47,7 +47,7 @@ tracelog private-cache private-dev # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed -private-etc @x11,latexmk.conf,texlive +private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,ld.so.cache,ld.so.preload,login.defs,passwd,texlive dbus-system none diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index 61f4f41071b..b619b0f272d 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile @@ -39,7 +39,7 @@ disable-mnt private-bin gnome-logs private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,localtime,machine-id private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* private-tmp writable-var-log diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index 17f52e58855..d14b2a5a13a 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile @@ -63,7 +63,7 @@ disable-mnt private-bin gjs,gnome-maps # private-cache -- gnome-maps cache all maps/satelite-images private-dev -private-etc @tls-ca,@x11,clutter-1.0,gconf,host.conf,mime.types,pkcs11,rpc,services +private-etc alternatives,ca-certificates,clutter-1.0,crypto-policies,dconf,drirc,fonts,gconf,gcrypt,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pkcs11,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg private-tmp dbus-user filter diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index 22d5f87eaf2..ec033dbf02a 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile @@ -41,7 +41,7 @@ tracelog # private-bin calls a file manager - whatever is installed! #private-bin env,gio-launch-desktop,gnome-music,python*,yelp private-dev -private-etc @x11 +private-etc alternatives,asound.conf,dconf,fonts,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,xdg private-tmp restrict-namespaces diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index 450e76082be..0d7fb2de800 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile @@ -52,7 +52,7 @@ disable-mnt private-bin gnome-passwordsafe,python3* private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,passwd private-tmp dbus-user filter diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index ac0fb555d27..6d90773aa2d 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile @@ -33,7 +33,7 @@ seccomp disable-mnt private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* private-tmp diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index 9906b15d90a..fb019227f56 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile @@ -43,7 +43,7 @@ disable-mnt private-bin gnome-pomodoro private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id private-tmp dbus-user filter diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index aa1ded51627..75f3199e291 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile @@ -46,7 +46,7 @@ seccomp disable-mnt private-bin gnome-recipes,tar private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,ssl private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* private-tmp diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index 25be407b5d0..74238a109be 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile @@ -41,7 +41,7 @@ tracelog disable-mnt private-bin gnome-screenshot private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,machine-id private-tmp dbus-user filter diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index f278b332b6c..d07bd80a758 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile @@ -39,7 +39,7 @@ tracelog disable-mnt private-cache private-dev -private-etc @games,@x11 +private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pango,pulse,xdg private-tmp restrict-namespaces diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index f4e98534271..4c74c0a61f5 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile @@ -42,7 +42,7 @@ disable-mnt private-bin gnome-system-log private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,localtime,machine-id private-lib private-tmp writable-var-log diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 5c375de2db8..ae7ea83d80e 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile @@ -45,7 +45,7 @@ disable-mnt private-bin gnome-todo private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,passwd,xdg private-tmp dbus-user filter diff --git a/etc/profile-a-l/gnome_games-common.profile b/etc/profile-a-l/gnome_games-common.profile index c03d41f06e4..c9145d78e83 100644 --- a/etc/profile-a-l/gnome_games-common.profile +++ b/etc/profile-a-l/gnome_games-common.profile @@ -40,7 +40,7 @@ tracelog disable-mnt private-cache private-dev -private-etc @x11,gconf +private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pango,passwd,X11 private-tmp dbus-user filter diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index c6ce0c2c00b..d7944ae249e 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile @@ -50,7 +50,7 @@ disable-mnt private-bin gnote private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,pango,X11 private-tmp dbus-user filter diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index 025cb74b633..bdbcf9baf8b 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile @@ -42,7 +42,7 @@ private private-bin gnubik private-cache private-dev -private-etc @x11 +private-etc alternatives,drirc,fonts,gtk-2.0,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index 5e41384abb4..36a2cae07f6 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile @@ -37,7 +37,7 @@ tracelog # private-bin godot private-cache private-dev -private-etc @games,@tls-ca,@x11,mono +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,ld.so.cache,ld.so.preload,machine-id,mono,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-a-l/goldendict.profile b/etc/profile-a-l/goldendict.profile index 822e5ffc2dd..327648cd18f 100644 --- a/etc/profile-a-l/goldendict.profile +++ b/etc/profile-a-l/goldendict.profile @@ -50,7 +50,7 @@ disable-mnt private-bin goldendict private-cache private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index 58769643a43..da7c24581a3 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile @@ -53,7 +53,7 @@ disable-mnt private-bin env,python3*,sh,w3m private-cache private-dev -private-etc @tls-ca,host.conf,rpc,services +private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl private-tmp dbus-user none diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index 0525995c368..1012f5774d1 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile @@ -40,7 +40,7 @@ tracelog private-bin gpicview private-cache private-dev -private-etc +private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,passwd private-lib private-tmp diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index 99c840a27fb..53a6f94e2f4 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile @@ -35,7 +35,7 @@ tracelog private-bin gpredict private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl private-tmp restrict-namespaces diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index a0d2247e089..368482fa329 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile @@ -44,7 +44,7 @@ disable-mnt private-bin gradio private-cache private-dev -private-etc @tls-ca,@x11,host.conf +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg private-tmp dbus-user filter diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index 19af7c0b963..02a49134c18 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile @@ -39,7 +39,7 @@ private private-bin gravity-beams-and-evaporating-stars private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index eb09fe38194..5fd92fd4f7d 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile @@ -45,7 +45,7 @@ disable-mnt private-bin gtk-update-icon-cache private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-lib private-tmp diff --git a/etc/profile-a-l/gucharmap.profile b/etc/profile-a-l/gucharmap.profile index ef4aad4dac5..68b78ec6232 100644 --- a/etc/profile-a-l/gucharmap.profile +++ b/etc/profile-a-l/gucharmap.profile @@ -42,7 +42,7 @@ disable-mnt private-bin gnome-character-map,gucharmap private-cache private-dev -private-etc @x11,dbus-1,gconf,mime.types +private-etc alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,X11,xdg private-lib private-tmp diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index 467bee3a0c0..db307e9401b 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile @@ -47,7 +47,7 @@ disable-mnt private-bin guvcview private-cache private-dev -private-etc @x11,bumblebee,glvnd +private-etc alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,glvnd,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pango,pulse,X11 private-tmp dbus-user none diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index 4be71f6d38f..8f7f74e0de6 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile @@ -46,7 +46,7 @@ seccomp private-bin gimp*,gwenview,kbuildsycoca4,kdeinit4 private-dev -private-etc @x11,gimp +private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,ld.so.preload,machine-id,passwd,pulse,xdg # dbus-user none # dbus-system none diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index ccbb6633360..91b73e8e9dc 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile @@ -49,7 +49,7 @@ disable-mnt private-bin homebank private-cache private-dev -private-etc @tls-ca,@x11,mime.types +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11 private-tmp dbus-user none diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 3f7901d3f42..b33709ef0dc 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile @@ -42,7 +42,7 @@ tracelog disable-mnt private private-bin bash,host,sh -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf private-dev private-tmp diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index 72d28ed08cf..13dc06eccce 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile @@ -43,7 +43,7 @@ private-bin hyperrogue private-cache private-cwd private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile index 6ee92e98663..757af67b068 100644 --- a/etc/profile-a-l/i2prouter.profile +++ b/etc/profile-a-l/i2prouter.profile @@ -67,7 +67,7 @@ seccomp disable-mnt private-cache private-dev -private-etc @tls-ca,@x11,i2p,java* +private-etc alternatives,ca-certificates,crypto-policies,dconf,group,hostname,hosts,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl private-tmp restrict-namespaces diff --git a/etc/profile-a-l/io.github.lainsce.Notejot.profile b/etc/profile-a-l/io.github.lainsce.Notejot.profile index 4730802a23c..cb2f30350a7 100644 --- a/etc/profile-a-l/io.github.lainsce.Notejot.profile +++ b/etc/profile-a-l/io.github.lainsce.Notejot.profile @@ -50,7 +50,7 @@ disable-mnt private-bin io.github.lainsce.Notejot private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 private-tmp dbus-user filter diff --git a/etc/profile-a-l/ipcalc.profile b/etc/profile-a-l/ipcalc.profile index 7eabbca8480..983c31bcb95 100644 --- a/etc/profile-a-l/ipcalc.profile +++ b/etc/profile-a-l/ipcalc.profile @@ -49,7 +49,7 @@ private-bin bash,ipcalc,ipcalc-ng,perl,sh # private-cache private-dev # empty etc directory -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-lib private-opt none private-tmp diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index 0cdfa2ace8a..3136b412efe 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile @@ -33,7 +33,7 @@ tracelog private-bin bash,jerry,sh,stockfish private-dev -private-etc @x11 +private-etc alternatives,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile index 8c85d104396..edb7ed84038 100644 --- a/etc/profile-a-l/jitsi-meet-desktop.profile +++ b/etc/profile-a-l/jitsi-meet-desktop.profile @@ -21,7 +21,7 @@ mkdir ${HOME}/.config/Jitsi Meet whitelist ${HOME}/.config/Jitsi Meet private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh -private-etc @tls-ca,@x11,bumblebee,glvnd,host.conf,mime.types,rpc,services +private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg # Redirect include electron.profile diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index cefceefed53..66d63283a89 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile @@ -40,7 +40,7 @@ disable-mnt private-bin jumpnbump private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index a4e67cf6be9..bde52f30e57 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile @@ -41,7 +41,7 @@ disable-mnt private-bin kalgebra,kalgebramobile private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index 70414eeea9f..c01000af166 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile @@ -48,7 +48,7 @@ disable-mnt # private-bin kazam,python* private-cache private-dev -private-etc @x11 +private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,X11,xdg private-tmp dbus-system none diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index cfb756c4373..ea56f2d3969 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile @@ -59,7 +59,7 @@ disable-mnt private-bin kcalc private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,locale,locale.conf # private-lib - problems on Arch private-tmp diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index 4644d598d94..935fe3933d2 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile @@ -40,7 +40,7 @@ tracelog private-bin keepassx,keepassx2 private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index f7959ca81f0..80374690c82 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile @@ -89,7 +89,7 @@ private-bin keepassxc,keepassxc-cli,keepassxc-proxy # hardware keys) on /dev after it has already started; add "ignore private-dev" # to keepassxc.local if this is an issue (see #4883). private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user filter diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index 651571fd9e2..424fb006eff 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile @@ -36,7 +36,7 @@ tracelog private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl private-tmp private-opt none private-srv none diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile index 2e369b94571..5a028aeea96 100644 --- a/etc/profile-a-l/kiwix-desktop.profile +++ b/etc/profile-a-l/kiwix-desktop.profile @@ -43,7 +43,7 @@ seccomp !chroot disable-mnt private-cache private-dev -private-etc @tls-ca +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile index faf6a2d08fa..0785b904deb 100644 --- a/etc/profile-a-l/klavaro.profile +++ b/etc/profile-a-l/klavaro.profile @@ -44,7 +44,7 @@ disable-mnt private-bin bash,klavaro,sh,tclsh,tclsh* private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp private-opt none private-srv none diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile index b5ce96e7013..68ef6111a91 100644 --- a/etc/profile-a-l/ktouch.profile +++ b/etc/profile-a-l/ktouch.profile @@ -45,7 +45,7 @@ disable-mnt private-bin ktouch private-cache private-dev -private-etc @x11 +private-etc alternatives,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 5183a932750..0cdfe4f1041 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile @@ -67,7 +67,7 @@ tracelog private-bin kube,sink_synchronizer private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,fonts,gcrypt,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,selinux,ssl,xdg private-tmp writable-run-user diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile index 58981164364..7ecf26d8e4b 100644 --- a/etc/profile-a-l/kwin_x11.profile +++ b/etc/profile-a-l/kwin_x11.profile @@ -42,7 +42,7 @@ tracelog disable-mnt private-bin kwin_x11 private-dev -private-etc @x11 +private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id,xdg private-tmp restrict-namespaces diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index 34fe2ace66b..18a024c7ee3 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile @@ -46,7 +46,7 @@ tracelog private-bin kbuildsycoca4,kdeinit4,kwrite private-dev -private-etc @x11 +private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,machine-id,pulse,xdg private-tmp # dbus-user none diff --git a/etc/profile-a-l/lifeograph.profile b/etc/profile-a-l/lifeograph.profile index 4440757ad14..025156d2dc4 100644 --- a/etc/profile-a-l/lifeograph.profile +++ b/etc/profile-a-l/lifeograph.profile @@ -48,7 +48,7 @@ disable-mnt private-bin lifeograph private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 private-tmp dbus-user filter diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile index 838d619b76b..22a4a2a2adf 100644 --- a/etc/profile-a-l/links-common.profile +++ b/etc/profile-a-l/links-common.profile @@ -50,7 +50,7 @@ disable-mnt private-bin sh private-cache private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl # Add the next line to your links-common.local to allow external media players. # private-etc alsa,asound.conf,machine-id,openal,pulse private-tmp diff --git a/etc/profile-a-l/linuxqq.profile b/etc/profile-a-l/linuxqq.profile index 83f3d11d372..8855f09f59d 100644 --- a/etc/profile-a-l/linuxqq.profile +++ b/etc/profile-a-l/linuxqq.profile @@ -23,7 +23,7 @@ noprinters # If you don't need/want to save anything to disk you can add `private` to your linuxqq.local. #private -private-etc @tls-ca,@x11,host.conf,os-release +private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,nsswitch.conf,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg private-opt QQ dbus-user filter diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile index bb13e03014e..78b78662b81 100644 --- a/etc/profile-a-l/lollypop.profile +++ b/etc/profile-a-l/lollypop.profile @@ -36,7 +36,7 @@ protocol unix,inet,inet6 seccomp private-dev -private-etc @tls-ca,@x11,host.conf +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg private-tmp restrict-namespaces diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile index c3366acef62..ae2f2d4341c 100644 --- a/etc/profile-a-l/lyx.profile +++ b/etc/profile-a-l/lyx.profile @@ -32,7 +32,7 @@ apparmor machine-id # private-bin atril,dvilualatex,env,latex,lua*,luatex,lyx,lyxclient,okular,pdf2latex,pdflatex,pdftex,perl*,python*,qpdf,qpdfview,sh,tex2lyx,texmf,xelatex -private-etc @x11,lyx,mime.types,texmf +private-etc alternatives,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,lyx,machine-id,mime.types,passwd,texmf,X11,xdg # Redirect include latex-common.profile diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile index e75de80ac07..902fc9a6a57 100644 --- a/etc/profile-m-z/PCSX2.profile +++ b/etc/profile-m-z/PCSX2.profile @@ -47,7 +47,7 @@ private-bin PCSX2 private-cache # Add the next line to your PCSX2.local if you do not need controller support. #private-dev -private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services +private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg private-opt none private-tmp diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile index f8b5cec1332..22c4c4631ec 100644 --- a/etc/profile-m-z/QMediathekView.profile +++ b/etc/profile-m-z/QMediathekView.profile @@ -71,7 +71,7 @@ disable-mnt private-bin mplayer,mpv,QMediathekView,smplayer,totem,vlc,xplayer private-cache private-dev -private-etc @tls-ca +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,login.defs,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile index eed839041ad..6140de60fa3 100644 --- a/etc/profile-m-z/QOwnNotes.profile +++ b/etc/profile-m-z/QOwnNotes.profile @@ -49,7 +49,7 @@ tracelog disable-mnt private-bin gio,QOwnNotes private-dev -private-etc @tls-ca,host.conf +private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl private-tmp restrict-namespaces diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile index 34d500bb1ff..2ea185ec036 100644 --- a/etc/profile-m-z/Viber.profile +++ b/etc/profile-m-z/Viber.profile @@ -32,7 +32,7 @@ seccomp !chroot disable-mnt private-bin awk,bash,dig,sh,Viber -private-etc @tls-ca,@x11,mailcap,proxychains.conf +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11 private-tmp # restrict-namespaces diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile index ee19fa3b0c2..8bf79f554f9 100644 --- a/etc/profile-m-z/Xvfb.profile +++ b/etc/profile-m-z/Xvfb.profile @@ -42,7 +42,7 @@ private # private-bin sh,xkbcomp,Xvfb # private-bin bash,cat,ls,sh,strace,xkbcomp,Xvfb private-dev -private-etc gai.conf,host.conf +private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,nsswitch.conf,resolv.conf private-tmp restrict-namespaces diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile index d9990825a72..e5d994b57b0 100644 --- a/etc/profile-m-z/magicor.profile +++ b/etc/profile-m-z/magicor.profile @@ -44,7 +44,7 @@ disable-mnt private-bin magicor,python2* private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile index cdf1d807f3e..0e3f9e6e2c1 100644 --- a/etc/profile-m-z/man.profile +++ b/etc/profile-m-z/man.profile @@ -56,7 +56,7 @@ disable-mnt #private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim private-cache private-dev -private-etc @x11,groff,man_db.conf,manpath.config,sysless +private-etc alternatives,fonts,groff,group,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,login.defs,man_db.conf,manpath.config,passwd,selinux,sysless,xdg #private-tmp dbus-user none diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile index 2fb527ad5d7..7066f422929 100644 --- a/etc/profile-m-z/marker.profile +++ b/etc/profile-m-z/marker.profile @@ -53,7 +53,7 @@ tracelog private-bin marker,python3* private-cache private-dev -private-etc @x11 +private-etc alternatives,dconfgtk-3.0,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,pango,X11 private-tmp dbus-user filter diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile index 95a16cbb83a..176506ff228 100644 --- a/etc/profile-m-z/masterpdfeditor.profile +++ b/etc/profile-m-z/masterpdfeditor.profile @@ -35,7 +35,7 @@ tracelog private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp restrict-namespaces diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile index ee780333dec..e3a5c6ab658 100644 --- a/etc/profile-m-z/mate-calc.profile +++ b/etc/profile-m-z/mate-calc.profile @@ -41,7 +41,7 @@ seccomp disable-mnt private-bin mate-calc,mate-calculator -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload private-dev private-opt none private-tmp diff --git a/etc/profile-m-z/mate-color-select.profile b/etc/profile-m-z/mate-color-select.profile index 37cae5c70df..337c2d6e50b 100644 --- a/etc/profile-m-z/mate-color-select.profile +++ b/etc/profile-m-z/mate-color-select.profile @@ -32,7 +32,7 @@ seccomp disable-mnt private-bin mate-color-select -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-dev private-lib private-tmp diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile index b563170378e..e80b220b761 100644 --- a/etc/profile-m-z/mate-dictionary.profile +++ b/etc/profile-m-z/mate-dictionary.profile @@ -36,7 +36,7 @@ seccomp disable-mnt private-bin mate-dictionary -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl private-opt mate-dictionary private-dev private-tmp diff --git a/etc/profile-m-z/mattermost-desktop.profile b/etc/profile-m-z/mattermost-desktop.profile index f4eb6d40495..3c2bf4fa390 100644 --- a/etc/profile-m-z/mattermost-desktop.profile +++ b/etc/profile-m-z/mattermost-desktop.profile @@ -17,7 +17,7 @@ include disable-shell.inc mkdir ${HOME}/.config/Mattermost whitelist ${HOME}/.config/Mattermost -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl # Not tested #dbus-user filter diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile index d880228dea0..1ebe9aabad5 100644 --- a/etc/profile-m-z/mcabber.profile +++ b/etc/profile-m-z/mcabber.profile @@ -30,6 +30,6 @@ seccomp private-bin mcabber private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,ssl restrict-namespaces diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile index a288f1972cc..a3ff768b71d 100644 --- a/etc/profile-m-z/mcomix.profile +++ b/etc/profile-m-z/mcomix.profile @@ -57,7 +57,7 @@ private-bin 7z,lha,mcomix,mutool,python*,rar,sh,unrar,unzip private-cache private-dev # mcomix <= 1.2 uses gtk-2.0 -private-etc @x11,gconf,mime.types +private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,X11,xdg private-tmp dbus-user none diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile index d3b3c6d487b..e1025a1fb5d 100644 --- a/etc/profile-m-z/mdr.profile +++ b/etc/profile-m-z/mdr.profile @@ -44,7 +44,7 @@ disable-mnt private-bin mdr private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-lib private-tmp diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile index 01edd23abc3..12d692b7256 100644 --- a/etc/profile-m-z/mediainfo.profile +++ b/etc/profile-m-z/mediainfo.profile @@ -42,7 +42,7 @@ x11 none private-bin mediainfo private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile index fcac70fb377..cd4938ec698 100644 --- a/etc/profile-m-z/menulibre.profile +++ b/etc/profile-m-z/menulibre.profile @@ -51,7 +51,7 @@ tracelog disable-mnt private-cache private-dev -private-etc @tls-ca,@x11,mime.types +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,locale.alias,locale.conf,mime.types,nsswitch.conf,passwd,pki,selinux,X11,xdg private-tmp dbus-user none diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile index 48ac0ec694c..a26896b1957 100644 --- a/etc/profile-m-z/mindless.profile +++ b/etc/profile-m-z/mindless.profile @@ -41,7 +41,7 @@ private private-bin mindless private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile index 4f2c89b2752..e6bf8680235 100644 --- a/etc/profile-m-z/minecraft-launcher.profile +++ b/etc/profile-m-z/minecraft-launcher.profile @@ -50,7 +50,7 @@ private-cache private-dev # If multiplayer or realms break, add 'private-etc ' # or 'ignore private-etc' to your minecraft-launcher.local. -private-etc @tls-ca,@x11,host.conf,java*,mime.types,services,timezone +private-etc alternatives,asound.conf,ati,ca-certificates,crypto-policies,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-14-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,login.defs,machine-id,mime.types,nvidia,passwd,pki,pulse,resolv.conf,selinux,services,ssl,timezone,X11,xdg private-opt minecraft-launcher private-tmp diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile index 9e72f9996af..ce938c8673f 100644 --- a/etc/profile-m-z/minitube.profile +++ b/etc/profile-m-z/minitube.profile @@ -53,7 +53,7 @@ disable-mnt private-bin minitube private-cache private-dev -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-tmp dbus-user none diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile index 665b32ecfdf..d36c0fc8101 100644 --- a/etc/profile-m-z/mirage.profile +++ b/etc/profile-m-z/mirage.profile @@ -53,7 +53,7 @@ disable-mnt private-bin ldconfig,mirage private-cache private-dev -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-tmp dbus-user none diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile index 4943a80aff8..34721b4a3b7 100644 --- a/etc/profile-m-z/mirrormagic.profile +++ b/etc/profile-m-z/mirrormagic.profile @@ -43,7 +43,7 @@ private private-bin mirrormagic private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile index 2ba03ec974c..46320f8eaca 100644 --- a/etc/profile-m-z/mocp.profile +++ b/etc/profile-m-z/mocp.profile @@ -41,7 +41,7 @@ tracelog private-bin mocp private-cache private-dev -private-etc @tls-ca +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile index ed344ba3fb7..89cee657d2d 100644 --- a/etc/profile-m-z/mp3splt-gtk.profile +++ b/etc/profile-m-z/mp3splt-gtk.profile @@ -36,7 +36,7 @@ tracelog private-bin mp3splt-gtk private-cache private-dev -private-etc @games,@x11 +private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pulse private-tmp dbus-user none diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile index ef463507538..77ad30d0c4c 100644 --- a/etc/profile-m-z/mp3splt.profile +++ b/etc/profile-m-z/mp3splt.profile @@ -43,7 +43,7 @@ disable-mnt private-bin flacsplt,mp3splt,mp3wrap,oggsplt private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile index a9631733cb6..94b34286561 100644 --- a/etc/profile-m-z/mpDris2.profile +++ b/etc/profile-m-z/mpDris2.profile @@ -48,7 +48,7 @@ seccomp private-bin mpDris2,notify-send,python* private-cache private-dev -private-etc +private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,resolv.conf private-lib libdbus-1.so.*,libdbus-glib-1.so.*,libgirepository-1.0.so.*,libnotify.so.*,libpython*,python2*,python3* private-tmp diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile index fd79e2a8038..4f7ae09b9ff 100644 --- a/etc/profile-m-z/mrrescue.profile +++ b/etc/profile-m-z/mrrescue.profile @@ -51,7 +51,7 @@ disable-mnt private-bin love,mrrescue,sh private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile index 91e990cf66a..d979e7401ce 100644 --- a/etc/profile-m-z/ms-office.profile +++ b/etc/profile-m-z/ms-office.profile @@ -34,7 +34,7 @@ tracelog disable-mnt private-bin bash,env,fonts,jak,ms-office,python*,sh -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl private-dev private-tmp diff --git a/etc/profile-m-z/mupdf-x11-curl.profile b/etc/profile-m-z/mupdf-x11-curl.profile index f8dec6e7d87..006f64ba83c 100644 --- a/etc/profile-m-z/mupdf-x11-curl.profile +++ b/etc/profile-m-z/mupdf-x11-curl.profile @@ -12,7 +12,7 @@ ignore net none netfilter protocol unix,inet,inet6 -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl # Redirect include mupdf.profile diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile index 1e92b07bf42..954016c2cd6 100644 --- a/etc/profile-m-z/mupdf.profile +++ b/etc/profile-m-z/mupdf.profile @@ -36,7 +36,7 @@ seccomp tracelog private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile index 3387ed5dedb..01b8d20b3f2 100644 --- a/etc/profile-m-z/musictube.profile +++ b/etc/profile-m-z/musictube.profile @@ -49,7 +49,7 @@ disable-mnt private-bin musictube private-cache private-dev -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-tmp dbus-user none diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile index 7ce7fbd19e5..d2032dcf643 100644 --- a/etc/profile-m-z/musixmatch.profile +++ b/etc/profile-m-z/musixmatch.profile @@ -33,6 +33,6 @@ seccomp !chroot disable-mnt private-dev -private-etc @tls-ca +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,machine-id,pki,pulse,ssl # restrict-namespaces diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 288ffedf1fa..904b0cd7cc7 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile @@ -124,7 +124,7 @@ tracelog # disable-mnt private-cache private-dev -private-etc @tls-ca,@x11,Mutt,Muttrc,Muttrc.d,gai.conf,gnupg,gnutls,hosts.conf,mail,mailname,nntpserver,terminfo +private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg private-tmp writable-run-user writable-var diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile index 774865a38e6..18117965e9d 100644 --- a/etc/profile-m-z/mypaint.profile +++ b/etc/profile-m-z/mypaint.profile @@ -42,7 +42,7 @@ tracelog private-cache private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile index 6b4074dfb41..74403c3353c 100644 --- a/etc/profile-m-z/nano.profile +++ b/etc/profile-m-z/nano.profile @@ -48,7 +48,7 @@ private-dev # Add the next lines to your nano.local if you want to edit files in /etc directly. #ignore private-etc #writable-etc -private-etc nanorc +private-etc alternatives,ld.so.cache,ld.so.preload,nanorc # Add the next line to your nano.local if you want to edit files in /var directly. #writable-var diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile index 80e28a5e506..fde1d4d2c5e 100644 --- a/etc/profile-m-z/neochat.profile +++ b/etc/profile-m-z/neochat.profile @@ -53,7 +53,7 @@ tracelog disable-mnt private-bin neochat private-dev -private-etc @tls-ca,@x11,dbus-1,host.conf,mime.types,rpc,services +private-etc alternatives,ca-certificates,crypto-policies,dbus-1,fonts,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg private-tmp dbus-user filter diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index 5bd1e7cbabe..f343226ae9c 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile @@ -116,7 +116,7 @@ tracelog # disable-mnt private-cache private-dev -private-etc @tls-ca,@x11,Mutt,Muttrc,Muttrc.d,gnupg,hosts.conf,mail,mailname,neomuttrc,neomuttrc.d,nntpserver +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg private-tmp writable-run-user writable-var diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile index b0828cd76f1..1ede4240531 100644 --- a/etc/profile-m-z/netactview.profile +++ b/etc/profile-m-z/netactview.profile @@ -44,7 +44,7 @@ disable-mnt private-bin netactview,netactview_polkit private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf private-lib private-tmp diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile index a7c4042018e..68b0ce2ea78 100644 --- a/etc/profile-m-z/neverball.profile +++ b/etc/profile-m-z/neverball.profile @@ -43,7 +43,7 @@ disable-mnt private-bin neverball private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,machine-id private-tmp dbus-user none diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile index a08fbad36e5..b80a0a1516f 100644 --- a/etc/profile-m-z/newsboat.profile +++ b/etc/profile-m-z/newsboat.profile @@ -52,7 +52,7 @@ disable-mnt private-bin gzip,lynx,newsboat,sh,w3m private-cache private-dev -private-etc @tls-ca,lynx.cfg,lynx.lss,terminfo +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,lynx.cfg,lynx.lss,pki,resolv.conf,ssl,terminfo private-tmp dbus-user none diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile index c7c8abc0b0b..59f16bb10c9 100644 --- a/etc/profile-m-z/newsflash.profile +++ b/etc/profile-m-z/newsflash.profile @@ -50,7 +50,7 @@ disable-mnt private-bin com.gitlab.newsflash,newsflash private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,nsswitch.conf,pango,pki,resolv.conf,ssl,X11 private-tmp dbus-user none diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile index d4bad2f6700..c26942c81f2 100644 --- a/etc/profile-m-z/nextcloud.profile +++ b/etc/profile-m-z/nextcloud.profile @@ -61,7 +61,7 @@ tracelog disable-mnt private-bin nextcloud,nextcloud-desktop private-cache -private-etc @tls-ca,@x11,Nextcloud,host.conf,os-release +private-etc alternatives,ca-certificates,crypto-policies,drirc,fonts,gcrypt,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,Nextcloud,nsswitch.conf,os-release,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg private-dev private-tmp diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile index cdd2ffc3f27..4e4c7bfe742 100644 --- a/etc/profile-m-z/nheko.profile +++ b/etc/profile-m-z/nheko.profile @@ -47,7 +47,7 @@ disable-mnt private-bin nheko private-cache private-dev -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-tmp dbus-user filter diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile index 7a97ca8258d..cefe9fa79aa 100644 --- a/etc/profile-m-z/nitroshare.profile +++ b/etc/profile-m-z/nitroshare.profile @@ -41,7 +41,7 @@ disable-mnt private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,ssl # private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare private-tmp diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index f3b0c8a49e0..f185a04ee63 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile @@ -92,7 +92,7 @@ seccomp.block-secondary disable-mnt private-dev -private-etc @tls-ca,@x11,host.conf,mime.types,rpc,services +private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg #private-tmp dbus-user none diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile index 87373a02b4b..ac83363315c 100644 --- a/etc/profile-m-z/nomacs.profile +++ b/etc/profile-m-z/nomacs.profile @@ -40,7 +40,7 @@ tracelog #private-bin nomacs private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,pki,resolv.conf,ssl private-tmp restrict-namespaces diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile index f0f2cca2e58..11d6bd79592 100644 --- a/etc/profile-m-z/notify-send.profile +++ b/etc/profile-m-z/notify-send.profile @@ -48,7 +48,7 @@ private private-bin notify-send private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-tmp dbus-user filter diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile index dcd76f2ad1a..5866cda47cc 100644 --- a/etc/profile-m-z/nslookup.profile +++ b/etc/profile-m-z/nslookup.profile @@ -45,7 +45,7 @@ tracelog disable-mnt private-bin bash,nslookup,sh -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf private-dev private-tmp diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile index 6ab21af5bc5..9f4a6ec4608 100644 --- a/etc/profile-m-z/nuclear.profile +++ b/etc/profile-m-z/nuclear.profile @@ -18,7 +18,7 @@ whitelist ${HOME}/.config/nuclear no3d # private-bin nuclear -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-opt nuclear # Redirect diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile index 4355fd0c7f8..4f767f046dc 100644 --- a/etc/profile-m-z/nyx.profile +++ b/etc/profile-m-z/nyx.profile @@ -44,7 +44,7 @@ disable-mnt private-bin nyx,python* private-cache private-dev -private-etc tor +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,passwd,tor private-opt none private-srv none private-tmp diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile index 830483bd490..87c665cbafe 100644 --- a/etc/profile-m-z/ocenaudio.profile +++ b/etc/profile-m-z/ocenaudio.profile @@ -53,7 +53,7 @@ tracelog private-bin ocenaudio,ocenvst private-cache private-dev -private-etc @tls-ca,@x11,mime.types +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg private-opt ocenaudio private-tmp diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile index 73b72efc24e..25da2139fdd 100644 --- a/etc/profile-m-z/odt2txt.profile +++ b/etc/profile-m-z/odt2txt.profile @@ -37,7 +37,7 @@ x11 none private-bin odt2txt private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile index 8e0758c376c..568b6566e82 100644 --- a/etc/profile-m-z/okular.profile +++ b/etc/profile-m-z/okular.profile @@ -61,7 +61,7 @@ tracelog private-bin kbuildsycoca4,kdeinit4,lpr,okular,unar,unrar private-dev -private-etc @x11,cups +private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,machine-id,passwd,xdg # private-tmp - on KDE we need access to the real /tmp for data exchange with email clients # dbus-user none diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile index f8be5819b09..913b499d31b 100644 --- a/etc/profile-m-z/onboard.profile +++ b/etc/profile-m-z/onboard.profile @@ -49,7 +49,7 @@ disable-mnt private-cache private-bin onboard,python*,tput private-dev -private-etc @x11,dbus-1,mime.types +private-etc alternatives,dbus-1,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,mime.types,selinux,X11,xdg private-tmp dbus-system none diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile index 46d0bb86b96..053f54b48cd 100644 --- a/etc/profile-m-z/openarena.profile +++ b/etc/profile-m-z/openarena.profile @@ -42,7 +42,7 @@ disable-mnt private-bin bash,cut,glxinfo,grep,head,openarena,openarena_ded,quake3,zenity private-cache private-dev -private-etc @games,@x11,udev +private-etc alternatives,drirc,ld.so.cache,ld.so.preload,machine-id,openal,passwd,selinux,udev,xdg private-tmp dbus-user none diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile index 721b061173e..be97552ab7d 100644 --- a/etc/profile-m-z/openmw.profile +++ b/etc/profile-m-z/openmw.profile @@ -52,7 +52,7 @@ tracelog private-bin bsatool,esmtool,niftest,openmw,openmw-cs,openmw-essimporter,openmw-iniimporter,openmw-launcher,openmw-wizard private-cache private-dev -private-etc @x11,bumblebee,glvnd,mime.types,openmw +private-etc alsa,alternatives,asound.conf,bumblebee,drirc,fonts,glvnd,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nvidia,openmw,pango,passwd,pulse,Trolltech.conf,X11,xdg private-opt none private-tmp diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile index a1c0462ba78..028c6fe906c 100644 --- a/etc/profile-m-z/otter-browser.profile +++ b/etc/profile-m-z/otter-browser.profile @@ -52,7 +52,7 @@ disable-mnt private-bin bash,otter-browser,sh,which private-cache ?BROWSER_DISABLE_U2F: private-dev -private-etc @tls-ca,@x11,mailcap,mime.types +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-tmp dbus-system none diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile index 0a906718a67..2610ae67a9d 100644 --- a/etc/profile-m-z/pandoc.profile +++ b/etc/profile-m-z/pandoc.profile @@ -49,7 +49,7 @@ x11 none disable-mnt private-cache private-dev -private-etc texlive,texmf +private-etc alternatives,ld.so.cache,ld.so.preload,texlive,texmf private-tmp dbus-user none diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile index 66289653081..fb629669aa9 100644 --- a/etc/profile-m-z/parole.profile +++ b/etc/profile-m-z/parole.profile @@ -26,6 +26,6 @@ seccomp private-bin dbus-launch,parole private-cache -private-etc @tls-ca +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,pulse,ssl restrict-namespaces diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile index 196ce424dfe..1780f982c77 100644 --- a/etc/profile-m-z/pavucontrol.profile +++ b/etc/profile-m-z/pavucontrol.profile @@ -44,7 +44,7 @@ disable-mnt private-bin pavucontrol private-cache private-dev -private-etc avahi +private-etc alternatives,asound.conf,avahi,fonts,ld.so.cache,ld.so.preload,machine-id,pulse,resolv.conf private-lib private-tmp diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile index 5b3cf0fef5d..784d8273643 100644 --- a/etc/profile-m-z/pcsxr.profile +++ b/etc/profile-m-z/pcsxr.profile @@ -47,7 +47,7 @@ private-bin pcsxr private-cache # Add the next line to your pcsxr.local if you do not need controller support. #private-dev -private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services +private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg private-opt none private-tmp diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile index 0ab006084d7..2e38dde3bac 100644 --- a/etc/profile-m-z/pdfchain.profile +++ b/etc/profile-m-z/pdfchain.profile @@ -33,7 +33,7 @@ seccomp private-bin pdfchain,pdftk,sh private-dev -private-etc @x11 +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg private-tmp dbus-user none diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile index cb7e0809fd3..7ece10835bd 100644 --- a/etc/profile-m-z/pdftotext.profile +++ b/etc/profile-m-z/pdftotext.profile @@ -48,7 +48,7 @@ x11 none private-bin pdftotext private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile index 96744e01980..24a1bc97936 100644 --- a/etc/profile-m-z/peek.profile +++ b/etc/profile-m-z/peek.profile @@ -47,7 +47,7 @@ tracelog disable-mnt private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh private-dev -private-etc @x11,firejail +private-etc alternatives,dconf,firejail,fonts,gtk-3.0,ld.so.cache,ld.so.preload,login.defs,pango,passwd,X11 private-tmp dbus-user filter diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile index 5261093d203..dcb52c846ec 100644 --- a/etc/profile-m-z/photoflare.profile +++ b/etc/profile-m-z/photoflare.profile @@ -42,7 +42,7 @@ disable-mnt private-bin photoflare private-cache private-dev -private-etc @x11,mime.types +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,mime.types,X11 private-tmp dbus-user none diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile index 08aa67bf7ac..3664e1469da 100644 --- a/etc/profile-m-z/pinball.profile +++ b/etc/profile-m-z/pinball.profile @@ -47,7 +47,7 @@ disable-mnt private-bin pinball private-cache private-dev -private-etc +private-etc alsa,alternatives,asound.conf,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,machine-id,pulse private-tmp dbus-user none diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile index dbb333afb0c..ddb8ff86792 100644 --- a/etc/profile-m-z/ping.profile +++ b/etc/profile-m-z/ping.profile @@ -56,7 +56,7 @@ private #private-bin ping - has mammoth problems with execvp: "No such file or directory" private-cache private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,login.defs,passwd,pki,resolv.conf,ssl private-lib private-tmp diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile index 3ff033e0b97..a86b6da0406 100644 --- a/etc/profile-m-z/pingus.profile +++ b/etc/profile-m-z/pingus.profile @@ -50,7 +50,7 @@ disable-mnt private-bin pingus,pingus.bin,sh private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile index 799c8f60799..88173edca89 100644 --- a/etc/profile-m-z/pkglog.profile +++ b/etc/profile-m-z/pkglog.profile @@ -43,7 +43,7 @@ private private-bin pkglog,python* private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-opt none private-tmp writable-var-log diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile index 34e18cbd701..62927f9f701 100644 --- a/etc/profile-m-z/plv.profile +++ b/etc/profile-m-z/plv.profile @@ -45,7 +45,7 @@ disable-mnt private-bin plv private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-opt none private-tmp writable-var-log diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile index 34199a08d79..8e2c39b83b4 100644 --- a/etc/profile-m-z/pngquant.profile +++ b/etc/profile-m-z/pngquant.profile @@ -46,7 +46,7 @@ x11 none private-bin pngquant private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile index da16ae91211..58528c37204 100644 --- a/etc/profile-m-z/ppsspp.profile +++ b/etc/profile-m-z/ppsspp.profile @@ -42,7 +42,7 @@ seccomp private-bin ppsspp,PPSSPP,PPSSPPQt,PPSSPPSDL # Add the next line to your ppsspp.local if you do not need controller support. #private-dev -private-etc @tls-ca,@x11,host.conf +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl private-opt ppsspp private-tmp diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile index 6d766b212c7..73b37771244 100644 --- a/etc/profile-m-z/pragha.profile +++ b/etc/profile-m-z/pragha.profile @@ -32,7 +32,7 @@ protocol unix,inet,inet6 seccomp private-dev -private-etc @tls-ca,@x11,host.conf +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg private-tmp restrict-namespaces diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile index c866c3d1613..279536bb9c9 100644 --- a/etc/profile-m-z/profanity.profile +++ b/etc/profile-m-z/profanity.profile @@ -43,7 +43,7 @@ seccomp private-bin profanity private-cache private-dev -private-etc @tls-ca,mime.types +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,localtime,mime.types,nsswitch.conf,pki,resolv.conf,ssl private-tmp dbus-user filter diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile index a1a0606b94f..be06c5d8967 100644 --- a/etc/profile-m-z/psi.profile +++ b/etc/profile-m-z/psi.profile @@ -70,7 +70,7 @@ disable-mnt private-bin getopt,psi private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gcrypt,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,machine-id,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg private-tmp dbus-user none diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile index 0789450cb6c..ba71ab29d29 100644 --- a/etc/profile-m-z/pybitmessage.profile +++ b/etc/profile-m-z/pybitmessage.profile @@ -40,7 +40,7 @@ seccomp disable-mnt private-bin bash,env,ldconfig,pybitmessage,python*,sh,stat private-dev -private-etc @tls-ca,@x11,PyBitmessage,PyBitmessage.conf,sni-qt.conf,system-fips +private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,pki,PyBitmessage,PyBitmessage.conf,resolv.conf,selinux,sni-qt.conf,ssl,system-fips,Trolltech.conf,xdg private-tmp restrict-namespaces diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile index 19ef7a4640b..71374a8c865 100644 --- a/etc/profile-m-z/qcomicbook.profile +++ b/etc/profile-m-z/qcomicbook.profile @@ -52,7 +52,7 @@ tracelog private-bin 7z,7zr,qcomicbook,rar,sh,tar,unace,unrar,unzip private-cache private-dev -private-etc @x11,mime.types +private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,Trolltech.conf,X11,xdg private-tmp dbus-user none diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile index 1f378e00434..d4b71f9723a 100644 --- a/etc/profile-m-z/qgis.profile +++ b/etc/profile-m-z/qgis.profile @@ -51,7 +51,7 @@ tracelog disable-mnt private-cache private-dev -private-etc @tls-ca,@x11,QGIS,QGIS.conf +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,QGIS,QGIS.conf,resolv.conf,ssl,Trolltech.conf private-tmp dbus-user none diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile index 1cfbaee6a14..cafdb98e927 100644 --- a/etc/profile-m-z/qnapi.profile +++ b/etc/profile-m-z/qnapi.profile @@ -46,7 +46,7 @@ tracelog private-bin 7z,qnapi private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf private-opt none private-tmp diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile index 42c098487a7..09b70756b63 100644 --- a/etc/profile-m-z/qrencode.profile +++ b/etc/profile-m-z/qrencode.profile @@ -46,7 +46,7 @@ disable-mnt private-bin qrencode private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-lib libpcre* private-tmp diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile index ab0f9425a8e..f95720d71c4 100644 --- a/etc/profile-m-z/qtox.profile +++ b/etc/profile-m-z/qtox.profile @@ -42,7 +42,7 @@ disable-mnt private-bin qtox private-cache private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,pulse,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile index fbc003d6553..ad45a26d566 100644 --- a/etc/profile-m-z/quaternion.profile +++ b/etc/profile-m-z/quaternion.profile @@ -46,7 +46,7 @@ disable-mnt private-bin quaternion private-cache private-dev -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-tmp dbus-user none diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile index 56bfaa9171f..ea49684e394 100644 --- a/etc/profile-m-z/quodlibet.profile +++ b/etc/profile-m-z/quodlibet.profile @@ -59,7 +59,7 @@ tracelog private-bin exfalso,operon,python*,quodlibet,sh private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,passwd,pki,pulse,resolv.conf,ssl private-tmp dbus-system none diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile index e83484ae58c..ea0e2afa789 100644 --- a/etc/profile-m-z/qutebrowser.profile +++ b/etc/profile-m-z/qutebrowser.profile @@ -56,7 +56,7 @@ seccomp !chroot,!name_to_handle_at disable-mnt private-cache private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl private-tmp dbus-user filter diff --git a/etc/profile-m-z/raincat.profile b/etc/profile-m-z/raincat.profile index 72c5f397989..e320d82f7eb 100644 --- a/etc/profile-m-z/raincat.profile +++ b/etc/profile-m-z/raincat.profile @@ -39,7 +39,7 @@ private private-bin raincat private-cache private-dev -private-etc @games,@x11 +private-etc alternatives,drirc,ld.so.cache,ld.so.preload,machine-id,passwd,pulse,timidity,timidity.cfg #private-lib private-tmp diff --git a/etc/profile-m-z/rednotebook.profile b/etc/profile-m-z/rednotebook.profile index e0dea194a0e..1295ce00d98 100644 --- a/etc/profile-m-z/rednotebook.profile +++ b/etc/profile-m-z/rednotebook.profile @@ -58,7 +58,7 @@ disable-mnt private-bin python3*,rednotebook private-cache private-dev -private-etc @x11 +private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 private-tmp dbus-user none diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile index 2e962b1ea41..571381f57f8 100644 --- a/etc/profile-m-z/regextester.profile +++ b/etc/profile-m-z/regextester.profile @@ -42,7 +42,7 @@ disable-mnt private-bin regextester private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-lib libgranite.so.* private-tmp diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile index c908319cae6..91b18678ffa 100644 --- a/etc/profile-m-z/rsync-download_only.profile +++ b/etc/profile-m-z/rsync-download_only.profile @@ -48,7 +48,7 @@ disable-mnt private-bin rsync private-cache private-dev -private-etc @tls-ca,host.conf,rpc,services +private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile index 0d57e691611..565925e7a29 100644 --- a/etc/profile-m-z/rtv.profile +++ b/etc/profile-m-z/rtv.profile @@ -58,7 +58,7 @@ disable-mnt private-bin less,python*,rtv,sh,xdg-settings private-cache private-dev -private-etc @tls-ca,@x11,host.conf,mailcap,mime.types,rpc,services,terminfo +private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg dbus-user none dbus-system none diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile index fb432526490..6dfb50c5a49 100644 --- a/etc/profile-m-z/scorchwentbonkers.profile +++ b/etc/profile-m-z/scorchwentbonkers.profile @@ -42,7 +42,7 @@ disable-mnt private-bin scorchwentbonkers private-cache private-dev -private-etc +private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse private-tmp dbus-user none diff --git a/etc/profile-m-z/seafile-applet.profile b/etc/profile-m-z/seafile-applet.profile index bbf46fe1949..184a0695836 100644 --- a/etc/profile-m-z/seafile-applet.profile +++ b/etc/profile-m-z/seafile-applet.profile @@ -53,7 +53,7 @@ disable-mnt private-bin seaf-cli,seaf-daemon,seafile-applet private-cache private-dev -private-etc @tls-ca,host.conf,rpc,services +private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl #private-opt none private-tmp diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile index 5985e0da345..7ff252ec7cd 100644 --- a/etc/profile-m-z/seahorse-adventures.profile +++ b/etc/profile-m-z/seahorse-adventures.profile @@ -47,7 +47,7 @@ private private-bin bash,dash,python*,seahorse-adventures,sh private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile index 19008246145..e6f51bff9a9 100644 --- a/etc/profile-m-z/seahorse.profile +++ b/etc/profile-m-z/seahorse.profile @@ -57,7 +57,7 @@ tracelog disable-mnt private-cache private-dev -private-etc @tls-ca,@x11,gconf,host.conf,pkcs11,rpc,services,ssh +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,login.defs,nsswitch.conf,pango,passwd,pkcs11,pki,protocols,resolv.conf,rpc,services,ssh,ssl,xdg private-tmp writable-run-user diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile index 87621de698c..cd2a9f13e89 100644 --- a/etc/profile-m-z/shortwave.profile +++ b/etc/profile-m-z/shortwave.profile @@ -45,7 +45,7 @@ disable-mnt private-bin shortwave private-cache private-dev -private-etc @tls-ca,@x11,gconf,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl,X11,xdg private-tmp restrict-namespaces diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile index 387d45cdcbd..d33a97ffc2c 100644 --- a/etc/profile-m-z/shotwell.profile +++ b/etc/profile-m-z/shotwell.profile @@ -48,7 +48,7 @@ tracelog private-bin shotwell private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id private-opt none private-tmp diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile index d881db714e7..d2b604df5b3 100644 --- a/etc/profile-m-z/signal-cli.profile +++ b/etc/profile-m-z/signal-cli.profile @@ -46,7 +46,7 @@ private-bin java,sh,signal-cli private-cache private-dev # Does not work with all Java configurations. You will notice immediately, so you might want to give it a try -#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,host.conf,hostname,hosts,java*,machine-id,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl +#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,host.conf,hostname,hosts,java-10-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java.conf,machine-id,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl private-tmp restrict-namespaces diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile index 4a57bf38c5b..2c4bdecd8a7 100644 --- a/etc/profile-m-z/signal-desktop.profile +++ b/etc/profile-m-z/signal-desktop.profile @@ -19,7 +19,7 @@ read-only ${HOME}/.mozilla/firefox/profiles.ini mkdir ${HOME}/.config/Signal whitelist ${HOME}/.config/Signal -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl dbus-user filter diff --git a/etc/profile-m-z/slack.profile b/etc/profile-m-z/slack.profile index a94176bf7d0..a511ebb1cb8 100644 --- a/etc/profile-m-z/slack.profile +++ b/etc/profile-m-z/slack.profile @@ -26,7 +26,7 @@ mkdir ${HOME}/.config/Slack whitelist ${HOME}/.config/Slack private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack -private-etc @tls-ca,debian_version,fedora-release,os-release,redhat-release,system-release,system-release-cpe +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,ld.so.preload,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe # Redirect include electron.profile diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile index 89342aad86b..ffed9d44c22 100644 --- a/etc/profile-m-z/smuxi-frontend-gnome.profile +++ b/etc/profile-m-z/smuxi-frontend-gnome.profile @@ -47,7 +47,7 @@ disable-mnt private-bin bash,mono,mono-sgen,sh,smuxi-frontend-gnome private-cache private-dev -private-etc @tls-ca,@x11,mono +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,machine-id,mono,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg private-tmp dbus-user none diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile index f130176c1b3..b4658b7af11 100644 --- a/etc/profile-m-z/softmaker-common.profile +++ b/etc/profile-m-z/softmaker-common.profile @@ -42,7 +42,7 @@ tracelog private-bin freeoffice-planmaker,freeoffice-presentations,freeoffice-textmaker,planmaker18,planmaker18free,presentations18,presentations18free,sh,textmaker18,textmaker18free private-cache private-dev -private-etc @tls-ca,SoftMaker +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,SoftMaker,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile index cf64076e3ae..5a131431558 100644 --- a/etc/profile-m-z/spectacle.profile +++ b/etc/profile-m-z/spectacle.profile @@ -55,7 +55,7 @@ disable-mnt private-bin spectacle private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload private-tmp dbus-user filter diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile index 41b1f650795..4bc23fc041f 100644 --- a/etc/profile-m-z/spectral.profile +++ b/etc/profile-m-z/spectral.profile @@ -45,7 +45,7 @@ disable-mnt private-cache private-bin spectral private-dev -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-tmp dbus-user filter diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index f07b1031904..721e39cd4c7 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile @@ -45,7 +45,7 @@ disable-mnt private-bin bash,cat,dirname,find,grep,head,rm,sh,spotify,tclsh,touch,zenity private-dev # If you want to see album covers or want to use the radio, add 'ignore private-etc' to your spotify.local. -private-etc @tls-ca,host.conf,spotify-adblock +private-etc alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,spotify-adblock,ssl private-opt spotify private-srv none private-tmp diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile index 4e28958e44b..00df625c0ce 100644 --- a/etc/profile-m-z/sqlitebrowser.profile +++ b/etc/profile-m-z/sqlitebrowser.profile @@ -41,7 +41,7 @@ seccomp.block-secondary private-bin sqlitebrowser private-cache private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl private-tmp # breaks proxy creation diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile index 95dc3574153..868c724d25c 100644 --- a/etc/profile-m-z/standardnotes-desktop.profile +++ b/etc/profile-m-z/standardnotes-desktop.profile @@ -38,7 +38,7 @@ seccomp !chroot disable-mnt private-dev private-tmp -private-etc @tls-ca,@x11,host.conf +private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl,xdg dbus-user none dbus-system none diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index a5b4d5d87d2..f807afdc79a 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile @@ -175,7 +175,7 @@ seccomp.32 !process_vm_readv private-dev # private-etc breaks a small selection of games on some systems. Add 'ignore private-etc' # to your steam.local to support those. -private-etc @games,@tls-ca,@x11,bumblebee,dbus-1,host.conf,lsb-release,mime.types,os-release,services +private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl,vulkan private-tmp #dbus-user none diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile index b6b2c63d371..e9d2ca4305b 100644 --- a/etc/profile-m-z/strawberry.profile +++ b/etc/profile-m-z/strawberry.profile @@ -42,7 +42,7 @@ disable-mnt private-bin strawberry,strawberry-tagreader private-cache private-dev -private-etc @tls-ca,host.conf +private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl private-tmp dbus-system none diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile index 6de288c46c8..896d4bc3e84 100644 --- a/etc/profile-m-z/subdownloader.profile +++ b/etc/profile-m-z/subdownloader.profile @@ -43,7 +43,7 @@ tracelog private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile index 2ad107f1a16..1f532d76c81 100644 --- a/etc/profile-m-z/supertux2.profile +++ b/etc/profile-m-z/supertux2.profile @@ -43,7 +43,7 @@ tracelog disable-mnt # private-bin supertux2 private-cache -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload,machine-id private-dev private-tmp diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile index 0a436b22f94..b4eb70fcb7d 100644 --- a/etc/profile-m-z/supertuxkart.profile +++ b/etc/profile-m-z/supertuxkart.profile @@ -53,7 +53,7 @@ private-bin supertuxkart private-cache # Add the next line to your supertuxkart.local if you do not need controller support. #private-dev -private-etc @games,@tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,ld.so.cache,ld.so.preload,machine-id,openal,pki,resolv.conf,ssl private-tmp private-opt none private-srv none diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile index 9be7aaf3c5a..3508e11b056 100644 --- a/etc/profile-m-z/surf.profile +++ b/etc/profile-m-z/surf.profile @@ -33,7 +33,7 @@ tracelog disable-mnt private-bin bash,curl,dmenu,ls,printf,sed,sh,sleep,st,stterm,surf,xargs,xprop private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,ld.so.cache,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl private-tmp restrict-namespaces diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile index 726baf336e7..cef0294016a 100644 --- a/etc/profile-m-z/sysprof.profile +++ b/etc/profile-m-z/sysprof.profile @@ -62,7 +62,7 @@ disable-mnt #private-bin sysprof - breaks help menu private-cache private-dev -private-etc @tls-ca +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id,ssl # private-lib - breaks help menu #private-lib gdk-pixbuf-2.*,gio,gtk3,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*,libsysprof-2.so,libsysprof-ui-2.so private-tmp diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile index da3b4f78232..a9d0a60d1f8 100644 --- a/etc/profile-m-z/tar.profile +++ b/etc/profile-m-z/tar.profile @@ -17,7 +17,7 @@ ignore include disable-shell.inc # all capabilities this is automatically read-only. noblacklist /var/lib/pacman -private-etc +private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,login.defs,passwd #private-lib libfakeroot,liblzma.so.*,libreadline.so.* # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) writable-var diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile index fd55daa4a1a..5711c1b3603 100644 --- a/etc/profile-m-z/teams-for-linux.profile +++ b/etc/profile-m-z/teams-for-linux.profile @@ -22,7 +22,7 @@ mkdir ${HOME}/.config/teams-for-linux whitelist ${HOME}/.config/teams-for-linux private-bin bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,resolv.conf,ssl # Redirect include electron.profile diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile index ba915c2d442..886d303c833 100644 --- a/etc/profile-m-z/telegram.profile +++ b/etc/profile-m-z/telegram.profile @@ -46,7 +46,7 @@ disable-mnt private-bin bash,sh,telegram,Telegram,telegram-desktop,xdg-open private-cache private-dev -private-etc @tls-ca,@x11,os-release +private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg private-tmp dbus-user filter diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile index ced3aaa8aca..9249e33c831 100644 --- a/etc/profile-m-z/terasology.profile +++ b/etc/profile-m-z/terasology.profile @@ -40,7 +40,7 @@ seccomp disable-mnt private-dev -private-etc @tls-ca,@x11,dbus-1,host.conf,java*,lsb-release,mime.types +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-7-openjdk,java-8-openjdk,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pki,pulse,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/tesseract.profile b/etc/profile-m-z/tesseract.profile index 54568b7d3e0..11a21c471c5 100644 --- a/etc/profile-m-z/tesseract.profile +++ b/etc/profile-m-z/tesseract.profile @@ -54,7 +54,7 @@ x11 none private-bin ambiguous_words,classifier_tester,cntraining,combine_lang_model,combine_tessdata,dawg2wordlist,lstmeval,lstmtraining,merge_unicharsets,mftraining,set_unicharset_properties,shapeclustering,tesseract,text2image,unicharset_extractor,wordlist2dawg private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload #private-lib libtesseract.so.* private-tmp diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile index ed8cd7369c4..f49738f2b1b 100644 --- a/etc/profile-m-z/tilp.profile +++ b/etc/profile-m-z/tilp.profile @@ -29,7 +29,7 @@ tracelog disable-mnt private-bin tilp private-cache -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp restrict-namespaces diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile index a03a6caa0c2..3cbf90660a0 100644 --- a/etc/profile-m-z/tin.profile +++ b/etc/profile-m-z/tin.profile @@ -57,7 +57,7 @@ disable-mnt private-bin rtin,tin private-cache private-dev -private-etc terminfo,tin +private-etc alternatives,ld.so.cache,ld.so.preload,passwd,resolv.conf,terminfo,tin private-lib terminfo private-tmp diff --git a/etc/profile-m-z/tor.profile b/etc/profile-m-z/tor.profile index b58aec9260d..275b170ff2a 100644 --- a/etc/profile-m-z/tor.profile +++ b/etc/profile-m-z/tor.profile @@ -45,7 +45,7 @@ private private-bin bash,tor private-cache private-dev -private-etc @tls-ca,tor +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor private-tmp writable-var diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index 41ac6f7a7b0..fab79282648 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile @@ -58,7 +58,7 @@ seccomp !chroot disable-mnt private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity private-dev -private-etc @tls-ca +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile index 645c55c3b02..6069be500c9 100644 --- a/etc/profile-m-z/transgui.profile +++ b/etc/profile-m-z/transgui.profile @@ -44,7 +44,7 @@ tracelog private-bin geoiplookup,geoiplookup6,transgui private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf private-lib libgdk_pixbuf-2.0.so.*,libGeoIP.so*,libgthread-2.0.so.*,libgtk-x11-2.0.so.*,libX11.so.* private-tmp diff --git a/etc/profile-m-z/transmission-cli.profile b/etc/profile-m-z/transmission-cli.profile index edb4db8aa74..8a1711e97e0 100644 --- a/etc/profile-m-z/transmission-cli.profile +++ b/etc/profile-m-z/transmission-cli.profile @@ -8,7 +8,7 @@ include transmission-cli.local include globals.local private-bin transmission-cli -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl # Redirect include transmission-common.profile diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile index 4fc5a3aa742..5d28f2f10e6 100644 --- a/etc/profile-m-z/transmission-daemon.profile +++ b/etc/profile-m-z/transmission-daemon.profile @@ -17,7 +17,7 @@ caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot protocol packet private-bin transmission-daemon -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl read-write /var/lib/transmission writable-var-log diff --git a/etc/profile-m-z/transmission-remote-gtk.profile b/etc/profile-m-z/transmission-remote-gtk.profile index a8dd960019b..f93c4229cea 100644 --- a/etc/profile-m-z/transmission-remote-gtk.profile +++ b/etc/profile-m-z/transmission-remote-gtk.profile @@ -12,7 +12,7 @@ noblacklist ${HOME}/.config/transmission-remote-gtk mkdir ${HOME}/.config/transmission-remote-gtk whitelist ${HOME}/.config/transmission-remote-gtk -private-etc +private-etc alternatives,fonts,hostname,hosts,ld.so.cache,ld.so.preload,resolv.conf ignore memory-deny-write-execute diff --git a/etc/profile-m-z/transmission-remote.profile b/etc/profile-m-z/transmission-remote.profile index a431164f68d..565433d992b 100644 --- a/etc/profile-m-z/transmission-remote.profile +++ b/etc/profile-m-z/transmission-remote.profile @@ -8,7 +8,7 @@ include transmission-remote.local include globals.local private-bin transmission-remote -private-etc +private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf # Redirect include transmission-common.profile diff --git a/etc/profile-m-z/transmission-show.profile b/etc/profile-m-z/transmission-show.profile index dc667ae0511..0a5826ec4b2 100644 --- a/etc/profile-m-z/transmission-show.profile +++ b/etc/profile-m-z/transmission-show.profile @@ -8,7 +8,7 @@ include transmission-show.local include globals.local private-bin transmission-show -private-etc +private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf # Redirect include transmission-common.profile diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index 378c8a1b70b..63e964355c4 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile @@ -53,7 +53,7 @@ tracelog private-bin trojita private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,selinux,ssl,xdg private-tmp dbus-user filter diff --git a/etc/profile-m-z/tutanota-desktop.profile b/etc/profile-m-z/tutanota-desktop.profile index 56eacf33824..d2cb0cc8ac5 100644 --- a/etc/profile-m-z/tutanota-desktop.profile +++ b/etc/profile-m-z/tutanota-desktop.profile @@ -24,7 +24,7 @@ whitelist ${HOME}/.mozilla/firefox/profiles.ini read-only ${HOME}/.mozilla/firefox/profiles.ini ?HAS_APPIMAGE: ignore private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl private-opt tutanota-desktop # Redirect diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile index 1f548a92dd6..987a2b71951 100644 --- a/etc/profile-m-z/twitch.profile +++ b/etc/profile-m-z/twitch.profile @@ -18,7 +18,7 @@ mkdir ${HOME}/.config/Twitch whitelist ${HOME}/.config/Twitch private-bin electron,electron[0-9],electron[0-9][0-9],twitch -private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-opt Twitch # Redirect diff --git a/etc/profile-m-z/udiskie.profile b/etc/profile-m-z/udiskie.profile index c182326bb8f..7e3c7ac5aab 100644 --- a/etc/profile-m-z/udiskie.profile +++ b/etc/profile-m-z/udiskie.profile @@ -40,7 +40,7 @@ private-bin awk,cut,dbus-send,egrep,file,grep,head,python*,readlink,sed,sh,udisk # private-bin thunar private-cache private-dev -private-etc @x11,mime.types +private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg private-tmp restrict-namespaces diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile index aac99aed56a..6ec6ea609db 100644 --- a/etc/profile-m-z/unf.profile +++ b/etc/profile-m-z/unf.profile @@ -48,7 +48,7 @@ private-bin unf private-cache ?HAS_APPIMAGE: ignore private-dev private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-lib gcc/*/*/libgcc_s.so.* private-tmp diff --git a/etc/profile-m-z/unrar.profile b/etc/profile-m-z/unrar.profile index 43d5dae5eb6..443d1f41542 100644 --- a/etc/profile-m-z/unrar.profile +++ b/etc/profile-m-z/unrar.profile @@ -8,7 +8,7 @@ include unrar.local include globals.local private-bin unrar -private-etc +private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd private-tmp # Redirect diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile index 9fefe6ad341..97df693ba76 100644 --- a/etc/profile-m-z/unzip.profile +++ b/etc/profile-m-z/unzip.profile @@ -10,7 +10,7 @@ include globals.local # GNOME Shell integration (chrome-gnome-shell) noblacklist ${HOME}/.local/share/gnome-shell -private-etc +private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd # Redirect include archiver-common.profile diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile index 046b75a87f3..f85e522736e 100644 --- a/etc/profile-m-z/utox.profile +++ b/etc/profile-m-z/utox.profile @@ -42,7 +42,7 @@ disable-mnt private-bin utox private-cache private-dev -private-etc @games,@tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,openal,pki,pulse,resolv.conf,ssl private-tmp memory-deny-write-execute diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile index a6d2a65e9a4..29d88832c72 100644 --- a/etc/profile-m-z/uudeview.profile +++ b/etc/profile-m-z/uudeview.profile @@ -40,7 +40,7 @@ x11 none private-bin uudeview private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload dbus-user none dbus-system none diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile index aa81994429f..cdf615a02d1 100644 --- a/etc/profile-m-z/viewnior.profile +++ b/etc/profile-m-z/viewnior.profile @@ -43,7 +43,7 @@ tracelog private-bin viewnior private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp dbus-user none diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile index 37e96286717..b9a5c08e8dd 100644 --- a/etc/profile-m-z/virtualbox.profile +++ b/etc/profile-m-z/virtualbox.profile @@ -44,7 +44,7 @@ tracelog #disable-mnt #private-bin awk,basename,bash,env,gawk,grep,ps,readlink,sh,virtualbox,VirtualBox,VBox*,vbox*,whoami private-cache -private-etc @tls-ca,@x11,conf.d +private-etc alsa,alternatives,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,pulse,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile index c2fd14811df..ba413641334 100644 --- a/etc/profile-m-z/vmware-view.profile +++ b/etc/profile-m-z/vmware-view.profile @@ -48,7 +48,7 @@ tracelog disable-mnt private-cache private-dev -private-etc @tls-ca,@x11,bumblebee,gai.conf,gconf,glvnd,host.conf,magic,magic.mgc,mime.types,proxychains.conf,rpc,services,terminfo,vmware,vmware-tools,vmware-vix +private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gai.conf,gconf,glvnd,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,magic,magic.mgc,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,proxychains.conf,pulse,resolv.conf,rpc,services,ssl,terminfo,vmware,vmware-tools,vmware-vix,X11,xdg # Logs are kept in /tmp. Add 'ignore private-tmp' to your vmware-view.local if you need them without joining the sandbox. private-tmp diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile index 7619ef47b9a..74c951fe642 100644 --- a/etc/profile-m-z/vmware.profile +++ b/etc/profile-m-z/vmware.profile @@ -38,6 +38,6 @@ tracelog #disable-mnt # Add the next line to your vmware.local to enable private-bin. #private-bin env,bash,sh,ovftool,vmafossexec,vmaf_*,vmnet-*,vmplayer,vmrest,vmrun,vmss2core,vmstat,vmware,vmware-* -private-etc @tls-ca,@x11,conf.d,mtab,vmware,vmware-installer,vmware-vix +private-etc alsa,alternatives,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mtab,passwd,pki,pulse,resolv.conf,ssl,vmware,vmware-installer,vmware-vix dbus-user none dbus-system none diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index edc08ca443d..1e111f83ec3 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile @@ -61,7 +61,7 @@ disable-mnt private-bin perl,sh,w3m private-cache private-dev -private-etc @tls-ca,mailcap +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,mailcap,nsswitch.conf,pki,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile index 5765613d4fe..37a8f78bbd4 100644 --- a/etc/profile-m-z/warmux.profile +++ b/etc/profile-m-z/warmux.profile @@ -48,7 +48,7 @@ disable-mnt private-bin warmux private-cache private-dev -private-etc @tls-ca,host.conf,rpc,services +private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile index 62d667d574e..8a9614fb07f 100644 --- a/etc/profile-m-z/whalebird.profile +++ b/etc/profile-m-z/whalebird.profile @@ -22,7 +22,7 @@ whitelist ${HOME}/.config/Whalebird no3d private-bin electron,electron[0-9],electron[0-9][0-9],whalebird -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl # Redirect include electron.profile diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile index 8958564ef2a..d8c72ac8bb6 100644 --- a/etc/profile-m-z/whois.profile +++ b/etc/profile-m-z/whois.profile @@ -46,7 +46,7 @@ private private-bin bash,sh,whois private-cache private-dev -private-etc jwhois.conf,services,whois.conf +private-etc alternatives,hosts,jwhois.conf,ld.so.cache,ld.so.preload,resolv.conf,services,whois.conf private-lib gconv private-tmp diff --git a/etc/profile-m-z/wire-desktop.profile b/etc/profile-m-z/wire-desktop.profile index fc4fa24350f..d8742cd7190 100644 --- a/etc/profile-m-z/wire-desktop.profile +++ b/etc/profile-m-z/wire-desktop.profile @@ -26,7 +26,7 @@ mkdir ${HOME}/.config/Wire whitelist ${HOME}/.config/Wire private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl # Redirect include electron.profile diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile index 310e8b47000..ccc2e8dd036 100644 --- a/etc/profile-m-z/wordwarvi.profile +++ b/etc/profile-m-z/wordwarvi.profile @@ -44,7 +44,7 @@ private private-bin wordwarvi private-cache private-dev -private-etc +private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse private-tmp dbus-user none diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile index e85bb9f1893..1b44b63e0d9 100644 --- a/etc/profile-m-z/xbill.profile +++ b/etc/profile-m-z/xbill.profile @@ -43,7 +43,7 @@ private private-bin xbill private-cache private-dev -private-etc +private-etc alternatives,ld.so.cache,ld.so.preload private-tmp dbus-user none diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile index 9c4fa829322..95eb2046e39 100644 --- a/etc/profile-m-z/xfce4-mixer.profile +++ b/etc/profile-m-z/xfce4-mixer.profile @@ -45,7 +45,7 @@ disable-mnt private-bin xfce4-mixer,xfconf-query private-cache private-dev -private-etc +private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id,pulse private-tmp dbus-user filter diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile index 4d841b35cdf..575acc9b286 100644 --- a/etc/profile-m-z/xfce4-screenshooter.profile +++ b/etc/profile-m-z/xfce4-screenshooter.profile @@ -41,7 +41,7 @@ tracelog disable-mnt private-bin xfce4-screenshooter,xfconf-query private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile index 76e58aff3d7..371db722c1d 100644 --- a/etc/profile-m-z/xiphos.profile +++ b/etc/profile-m-z/xiphos.profile @@ -46,7 +46,7 @@ disable-mnt private-bin xiphos private-cache private-dev -private-etc @tls-ca,sword,sword.conf +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssli,sword,sword.conf private-tmp restrict-namespaces diff --git a/etc/profile-m-z/xlinks.profile b/etc/profile-m-z/xlinks.profile index b597dc7a2c2..404baf6073a 100644 --- a/etc/profile-m-z/xlinks.profile +++ b/etc/profile-m-z/xlinks.profile @@ -14,7 +14,7 @@ include whitelist-common.inc # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line private-bin xlinks -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload # Redirect include links.profile diff --git a/etc/profile-m-z/xlinks2.profile b/etc/profile-m-z/xlinks2.profile index 83356fb7b04..d7edd3543f1 100644 --- a/etc/profile-m-z/xlinks2.profile +++ b/etc/profile-m-z/xlinks2.profile @@ -14,7 +14,7 @@ include whitelist-common.inc # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line private-bin xlinks2 -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload # Redirect include links2.profile diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile index b8bf0ae96db..ad1ba8ca3f0 100644 --- a/etc/profile-m-z/xmr-stak.profile +++ b/etc/profile-m-z/xmr-stak.profile @@ -37,7 +37,7 @@ disable-mnt private ${HOME}/.xmr-stak private-bin xmr-stak private-dev -private-etc @tls-ca +private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl #private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend private-opt cuda private-tmp diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile index 87e75986d56..9128c330b87 100644 --- a/etc/profile-m-z/xonotic.profile +++ b/etc/profile-m-z/xonotic.profile @@ -45,7 +45,7 @@ disable-mnt private-cache private-bin blind-id,darkplaces-glx,darkplaces-sdl,dirname,ldd,netstat,ps,readlink,sh,uname,xonotic* private-dev -private-etc @tls-ca,@x11,host.conf +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile index e2e97f0286d..a17464a2a3c 100644 --- a/etc/profile-m-z/xournal.profile +++ b/etc/profile-m-z/xournal.profile @@ -42,7 +42,7 @@ tracelog private-bin xournal private-cache private-dev -private-etc +private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd # TODO should use private-lib private-tmp diff --git a/etc/profile-m-z/xournalpp.profile b/etc/profile-m-z/xournalpp.profile index e1c9c03e8fe..a23ad68df53 100644 --- a/etc/profile-m-z/xournalpp.profile +++ b/etc/profile-m-z/xournalpp.profile @@ -28,7 +28,7 @@ include whitelist-runuser-common.inc #include whitelist-common.inc private-bin kpsewhich,pdflatex,xournalpp -private-etc latexmk.conf,texlive +private-etc alternatives,latexmk.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,texlive # Redirect include xournal.profile diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile index 6edbf935705..ff5dc619bed 100644 --- a/etc/profile-m-z/xreader.profile +++ b/etc/profile-m-z/xreader.profile @@ -38,7 +38,7 @@ tracelog private-bin xreader,xreader-previewer,xreader-thumbnailer private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp memory-deny-write-execute diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile index f5dd0c309b2..6ea7fdfbdf7 100644 --- a/etc/profile-m-z/yelp.profile +++ b/etc/profile-m-z/yelp.profile @@ -55,7 +55,7 @@ disable-mnt private-bin groff,man,tbl,troff,yelp private-cache private-dev -private-etc @games,@tls-ca,@x11,cups,groff,man_db.conf,os-release,sgml,xml +private-etc alsa,alternatives,asound.conf,crypto-policies,cups,dconf,drirc,fonts,gcrypt,groff,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,man_db.conf,openal,os-release,pulse,sgml,xml private-tmp dbus-user filter diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile index b706bec4e68..c846893ef9e 100644 --- a/etc/profile-m-z/youtube-dl-gui.profile +++ b/etc/profile-m-z/youtube-dl-gui.profile @@ -48,7 +48,7 @@ disable-mnt private-bin atomicparsley,ffmpeg,ffprobe,python*,youtube-dl-gui private-cache private-dev -private-etc @tls-ca,@x11 +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,locale,locale.conf,passwd,pki,resolv.conf,ssl private-tmp dbus-user none diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile index 8376b4989c1..4f2cc95239b 100644 --- a/etc/profile-m-z/youtube-dl.profile +++ b/etc/profile-m-z/youtube-dl.profile @@ -57,7 +57,7 @@ tracelog private-bin env,ffmpeg,python*,youtube-dl private-cache private-dev -private-etc @tls-ca,mime.types,youtube-dl.conf +private-etc alternatives,ca-certificates,crypto-policies,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,pki,resolv.conf,ssl,youtube-dl.conf private-tmp dbus-user none diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index 9ef90eb92fc..f66e2938b06 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile @@ -59,7 +59,7 @@ disable-mnt private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,wget2,which,xterm,youtube-dl,yt-dlp private-cache private-dev -private-etc @tls-ca,@x11,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg private-tmp dbus-user filter diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile index 9bb1991c230..5c4d697da5e 100644 --- a/etc/profile-m-z/youtube.profile +++ b/etc/profile-m-z/youtube.profile @@ -17,7 +17,7 @@ mkdir ${HOME}/.config/Youtube whitelist ${HOME}/.config/Youtube private-bin electron,electron[0-9],electron[0-9][0-9],youtube -private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-opt Youtube # Redirect diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile index 09a8a446fa2..2b5ffeaaf4b 100644 --- a/etc/profile-m-z/youtubemusic-nativefier.profile +++ b/etc/profile-m-z/youtubemusic-nativefier.profile @@ -14,7 +14,7 @@ mkdir ${HOME}/.config/youtubemusic-nativefier-040164 whitelist ${HOME}/.config/youtubemusic-nativefier-040164 private-bin electron,electron[0-9],electron[0-9][0-9],youtubemusic-nativefier -private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg private-opt youtubemusic-nativefier # Redirect diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile index 49d4b3b56bf..6e835b03f0e 100644 --- a/etc/profile-m-z/yt-dlp.profile +++ b/etc/profile-m-z/yt-dlp.profile @@ -15,7 +15,7 @@ noblacklist ${HOME}/yt-dlp.conf noblacklist ${HOME}/yt-dlp.conf.txt private-bin ffprobe,yt-dlp -private-etc yt-dlp.conf +private-etc alternatives,ld.so.cache,ld.so.preload,yt-dlp.conf # Redirect include youtube-dl.profile diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile index 43b624705bd..aa466871cb8 100644 --- a/etc/profile-m-z/ytmdesktop.profile +++ b/etc/profile-m-z/ytmdesktop.profile @@ -14,7 +14,7 @@ mkdir ${HOME}/.config/youtube-music-desktop-app whitelist ${HOME}/.config/youtube-music-desktop-app # private-bin env,ytmdesktop -private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types +private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg # private-opt # Redirect diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile index 35c3f13006b..1daf89c8473 100644 --- a/etc/profile-m-z/zathura.profile +++ b/etc/profile-m-z/zathura.profile @@ -48,7 +48,7 @@ tracelog private-bin zathura private-cache private-dev -private-etc +private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id # private-lib has problems on Debian 10 #private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,libarchive.so.*,libdjvulibre.so.*,libgirara-gtk*,libpoppler-glib.so.*,libspectre.so.*,zathura private-tmp diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile index caf9eab632f..453f40e73fd 100644 --- a/etc/profile-m-z/zeal.profile +++ b/etc/profile-m-z/zeal.profile @@ -60,7 +60,7 @@ disable-mnt private-bin zeal private-cache private-dev -private-etc @tls-ca,@x11,host.conf,mime.types,rpc,services +private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg private-tmp dbus-user filter diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile index 69ec3a706d9..a9e5aa5c3ac 100644 --- a/etc/profile-m-z/zim.profile +++ b/etc/profile-m-z/zim.profile @@ -63,7 +63,7 @@ disable-mnt private-bin python*,zim private-cache private-dev -private-etc @x11,gconf +private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 private-tmp dbus-user none diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile index 1622b388637..b69de3be11c 100644 --- a/etc/profile-m-z/zulip.profile +++ b/etc/profile-m-z/zulip.profile @@ -43,7 +43,7 @@ disable-mnt private-bin locale,zulip private-cache private-dev -private-etc +private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp restrict-namespaces diff --git a/src/etc-cleanup/Makefile b/src/etc-cleanup/Makefile deleted file mode 100644 index 349da882153..00000000000 --- a/src/etc-cleanup/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -ROOT = ../.. --include $(ROOT)/config.mk - -PROG = etc-cleanup -TARGET = $(PROG) - -MOD_HDRS = ../include/etc-groups.h - -include $(ROOT)/src/prog.mk diff --git a/src/include/etc_groups.h b/src/include/etc_groups.h index dd9d94ffd60..e3f8bcc7e9f 100644 --- a/src/include/etc_groups.h +++ b/src/include/etc_groups.h @@ -20,7 +20,6 @@ #ifndef ETC_GROUPS_H #define ETC_GROUPS_H -#include #define ETC_MAX 256 @@ -40,7 +39,6 @@ static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer "login.defs", // firejail reading UID/GID MIN and MAX at startup "nsswitch.conf", "passwd", - "selinux", NULL }; @@ -49,7 +47,6 @@ static char *etc_group_games[] = { "openal", // 3D sound "timidity", // MIDI "timidity.cfg", - "vulkan", // next generation OpenGL stack NULL }; @@ -92,7 +89,6 @@ static char *etc_group_x11[] = { "kde5rc", "nvidia", // 3D "pango", // text rendering/internationalization - "Trolltech.conf", // old QT config file "X11", "xdg", NULL diff --git a/src/etc-cleanup/main.c b/src/tools/cleanup_etc.c similarity index 65% rename from src/etc-cleanup/main.c rename to src/tools/cleanup_etc.c index 47fe1556ba5..5c926a8c646 100644 --- a/src/etc-cleanup/main.c +++ b/src/tools/cleanup_etc.c @@ -18,9 +18,15 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include "../include/etc_groups.h" -#include "../include/common.h" +#include +#include +#include #include +#include +#include "../include/etc_groups.h" +#define errExit(msg) do { char msgout[500]; sprintf(msgout, "Error %s:%s(%d)", msg, __FUNCTION__, __LINE__); perror(msgout); exit(1);} while (0) + + #define MAX_BUF 4098 #define MAX_ARR 1024 @@ -32,8 +38,6 @@ static int arr_x11 = 0; static int arr_games = 0; static char outbuf[256 * 1024]; static char *outptr; -static int arg_replace = 0; -static int arg_debug = 0; void outprintf(char* fmt, ...) { va_list args; @@ -74,17 +78,6 @@ static void arr_add(const char *fname) { arr_cnt++; } -int arr_cmp(const void *p1, const void *p2) { - char **ptr1 = (char **) p1; - char **ptr2 = (char **) p2; - - return strcmp(*ptr1, *ptr2); -} - -static void arr_sort(void) { - qsort(&arr[0], arr_cnt, sizeof(char *), arr_cmp); -} - static void arr_clean(void) { int i; for (i = 0; i < arr_cnt; i++) { @@ -98,27 +91,29 @@ static void arr_clean(void) { arr_x11 = 0; } -static char *arr_print(void) { - char *last_line = outptr; +static void arr_print(void) { + printf("private-etc "); outprintf("private-etc "); - if (arr_games) + if (arr_games) { + printf("@games,"); outprintf("@games,"); - if (arr_tls_ca) + } + if (arr_tls_ca) { + printf("@tls-ca,"); outprintf("@tls-ca,"); - if (arr_x11) + } + if (arr_x11) { + printf("@x11,"); outprintf("@x11,"); - + } int i; - for (i = 0; i < arr_cnt; i++) + for (i = 0; i < arr_cnt; i++) { + printf("%s,", arr[i]); outprintf("%s,", arr[i]); - if (*(outptr - 1) == ' ' || *(outptr - 1) == ',') { - outptr--; - *outptr = '\0'; } + printf("\n"); outprintf("\n"); - - return last_line; } static void process_file(const char *fname) { @@ -126,13 +121,12 @@ static void process_file(const char *fname) { FILE *fp = fopen(fname, "r"); if (!fp) { - fprintf(stderr, "Error: cannot open %s file\n", fname); + fprintf(stderr, "Error: cannot open profile file\n"); exit(1); } outptr = outbuf; *outptr = '\0'; - arr_clean(); char line[MAX_BUF]; char orig_line[MAX_BUF]; @@ -140,16 +134,18 @@ static void process_file(const char *fname) { int print = 0; while (fgets(line, MAX_BUF, fp)) { cnt++; - if (strncmp(line, "private-etc", 11) != 0) { - outprintf("%s", line); + if (strncmp(line, "private-etc ", 12) != 0) { + sprintf(outptr, "%s", line); + outptr += strlen(outptr); continue; } - - strcpy(orig_line,line); char *ptr = strchr(line, '\n'); if (ptr) *ptr = '\0'; + print = 1; + strcpy(orig_line,line); + ptr = line + 12; while (*ptr == ' ' || *ptr == '\t') ptr++; @@ -158,7 +154,7 @@ static void process_file(const char *fname) { char *ptr2 = ptr; while (*ptr2 != '\0') { if (*ptr2 == ' ' || *ptr2 == '\t') { - fprintf(stderr, "Error: invalid private-etc line %s:%d\n", fname, cnt); + fprintf(stderr, "Error: invlid private-etc line %s:%d\n", fname, cnt); exit(1); } ptr2++; @@ -166,8 +162,6 @@ static void process_file(const char *fname) { ptr = strtok(ptr, ","); while (ptr) { - if (arg_debug) - printf("%s\n", ptr); if (arr_check(ptr, &etc_list[0])); else if (arr_check(ptr, &etc_group_sound[0])); else if (arr_check(ptr, &etc_group_network[0])); @@ -189,36 +183,30 @@ static void process_file(const char *fname) { ptr = strtok(NULL, ","); } - arr_sort(); - char *last_line = arr_print(); - if (strcmp(last_line, orig_line) == 0) { - fclose(fp); - return; - } - printf("\n********************\nfile: %s\n\nold: %s\nnew: %s\n", fname, orig_line, last_line); - print = 1; + printf("\n%s: %s\n%s: ", fname, orig_line, fname); + arr_print(); + arr_clean(); } fclose(fp); - if (print && arg_replace) { - fp = fopen(fname, "w"); - if (!fp) { - fprintf(stderr, "Error: cannot open profile file\n"); - exit(1); + if (print) { + printf("Replace %s file? (Y/N): ", fname); + fgets(line, MAX_BUF, stdin); + if (*line == 'y' || *line == 'Y') { + fp = fopen(fname, "w"); + if (!fp) { + fprintf(stderr, "Error: cannot open profile file\n"); + exit(1); + } + fprintf(fp, "%s", outbuf); + fclose(fp); } - fprintf(fp, "%s", outbuf); - fclose(fp); } } static void usage(void) { - printf("usage: cleanup-etc [options] file.profile [file.profile]\n"); - printf("Group and clean private-etc entries in one or more profile files.\n"); - printf("Options:\n"); - printf(" --debug - print debug messages\n"); - printf(" -h, -?, --help - this help screen\n"); - printf(" --replace - replace profile file\n"); + printf("usage: cleanup-etc file.profile\n"); } int main(int argc, char **argv) { @@ -230,25 +218,13 @@ int main(int argc, char **argv) { int i; for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "-h") == 0 || - strcmp(argv[i], "-?") == 0 || - strcmp(argv[i], "--help") == 0) { + if (strcmp(argv[i], "-h") == 0) { usage(); return 0; } - else if (strcmp(argv[i], "--debug") == 0) - arg_debug = 1; - else if (strcmp(argv[i], "--replace") == 0) - arg_replace = 1; - else if (*argv[i] == '-') { - fprintf(stderr, "Error: invalid program option %s\n", argv[i]); - return 1; - } - else - break; } - for (; i < argc; i++) + for (i = 1; i < argc; i++) process_file(argv[i]); return 0;