diff --git a/brackets.profile b/brackets.profile index b79d3aba..da23bab1 100644 --- a/brackets.profile +++ b/brackets.profile @@ -7,6 +7,10 @@ whitelist ${HOME}/Documents whitelist /opt/brackets/ whitelist /opt/google/ +blacklist /boot +blacklist /media +blacklist /mnt + private-bin bash,brackets,readlink,dirname,google-chrome,cat private-dev whitelist /tmp/.X11-unix diff --git a/cin.profile b/cin.profile index 18dd7626..72792fb3 100644 --- a/cin.profile +++ b/cin.profile @@ -7,6 +7,11 @@ private-bin cin private-dev private-etc fonts,pulse +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + whitelist /tmp/.X11-unix noexec /home diff --git a/fetchmail.profile b/fetchmail.profile index 1919803b..a58ab259 100644 --- a/fetchmail.profile +++ b/fetchmail.profile @@ -5,6 +5,11 @@ whitelist ${HOME}/Mail whitelist ${HOME}/.procmailrc.gmail whitelist ${HOME}/.procmailrc.brown +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + noroot private-dev caps.drop all diff --git a/gimp.profile b/gimp.profile index 33ec9f6c..0219e313 100644 --- a/gimp.profile +++ b/gimp.profile @@ -5,6 +5,11 @@ whitelist ${HOME}/.themes whitelist ${DOWNLOADS} whitelist ${HOME}/Pictures +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + private-bin gimp,gimp-2.8,gimp-console,gimp-console-2.8,python2.7 private-dev private-etc gimp,fonts diff --git a/inkscape.profile b/inkscape.profile index 2dd7b851..324d749e 100644 --- a/inkscape.profile +++ b/inkscape.profile @@ -5,6 +5,11 @@ whitelist ${HOME}/.themes whitelist ${DOWNLOADS} whitelist ${HOME}/Pictures +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + private-bin inkscape private-dev private-etc fonts diff --git a/libreoffice.profile b/libreoffice.profile index fd96eef0..761e9273 100644 --- a/libreoffice.profile +++ b/libreoffice.profile 
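Review bot: The added `blacklist /media` and `blacklist /mnt` lines in brackets.profile leave `/run/media` reachable, and that is where udisks2 mounts removable drives on many distributions, so the sandboxed program may still see external volumes. Adding `blacklist /run/media` and `blacklist /run/mount` next to them would close the gap. Where the installed firejail version supports it, `disable-mnt` covers all four paths in one directive. The same applies to every other profile in this commit that gains the /media and /mnt pair.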
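Review bot: The four-line block added to cin.profile (`blacklist /boot`, `/media`, `/mnt`, `/opt`) is pasted verbatim into more than a dozen profiles in this commit, which makes it easy for the copies to drift apart. The libreoffice.profile hunk in this same commit shows the risk, since it removes a stray `blacklist /ae108` entry and reorders its list. Moving the block into one shared file and pulling it in with a single line such as `include <shared-blacklist>.inc` (file name is a placeholder) would keep the set consistent. Profiles that need an exception, such as brackets.profile, which does not blacklist /opt, can keep listing the paths explicitly.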
@@ -4,11 +4,11 @@ whitelist ${HOME}/.config/libreoffice whitelist ${HOME}/.config/gtk-3.0 whitelist ${HOME}/.gtkrc-2.0 whitelist ${HOME}/.gtkrc.mine -blacklist /opt + blacklist /boot blacklist /media blacklist /mnt -blacklist /ae108 +blacklist /opt private-dev private-bin sh,libreoffice,dirname,grep,uname,ls,sed,pwd,basename,dbus-launch,dbus-send,fcitx-dbus-watcher,fcitx-remote diff --git a/linphone.profile b/linphone.profile index 6a2c89b3..76792623 100644 --- a/linphone.profile +++ b/linphone.profile @@ -3,6 +3,12 @@ whitelist ${HOME}/.linphone-history.db whitelist ${HOME}/Downloads whitelist ${HOME}/.gtkrc-2.0 whitelist ${HOME}/.gtkrc.mine + +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + caps.drop all noroot seccomp \ No newline at end of file diff --git a/lmms.profile b/lmms.profile index 636c7998..ba475fae 100644 --- a/lmms.profile +++ b/lmms.profile @@ -3,6 +3,11 @@ whitelist ${HOME}/Music whitelist ${HOME}/.lmmsrc.xml whitelist ${HOME}/lmms +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + whitelist /tmp/.X11-unix private-dev diff --git a/luminance-hdr.profile b/luminance-hdr.profile index d6d24fec..7e64a0b4 100644 --- a/luminance-hdr.profile +++ b/luminance-hdr.profile @@ -1,13 +1,18 @@ -private-bin luminance-hdr,luminance-hdr-cli,align_image_stack -private-dev -private-etc fonts,X11,alternatives -whitelist /tmp/.X11-unix - whitelist ${HOME}/Pictures whitelist ${HOME}/Downloads whitelist ${HOME}/.LuminanceHDR whitelist ${HOME}/.config/Luminance +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + +private-bin luminance-hdr,luminance-hdr-cli,align_image_stack +private-dev +private-etc fonts,X11,alternatives +whitelist /tmp/.X11-unix + noexec ${HOME} noexec /tmp diff --git a/mpd.profile b/mpd.profile index ec80780f..faa2091d 100644 --- a/mpd.profile +++ b/mpd.profile 
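Review bot: linphone.profile still ends without a trailing newline, as the `\ No newline at end of file` marker after `seccomp` shows. A later edit that appends a directive could then fuse it with `seccomp` on one line and silently lose a hardening option. Since this commit already touches the file, terminating the last line with a newline would be a cheap fix.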
@@ -4,6 +4,12 @@ whitelist ${HOME}/.mpdconf whitelist ${HOME}/.config/pulse/ whitelist ${HOME}/.pulse/ read-only ${HOME}/Music/ + +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + private-dev private-bin mpd,bash caps.drop all diff --git a/mutt.profile b/mutt.profile index da60111e..19dc6d66 100644 --- a/mutt.profile +++ b/mutt.profile @@ -9,6 +9,11 @@ whitelist ${HOME}/.mutt_cache whitelist ${HOME}/Mail whitelist ${HOME}/.gnupg +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + # To store files whitelist ${HOME}/Downloads diff --git a/openshot.profile b/openshot.profile index adef7dc0..aca49427 100644 --- a/openshot.profile +++ b/openshot.profile @@ -5,6 +5,7 @@ blacklist /usr/local/sbin blacklist /media blacklist /mnt blacklist /boot +blacklist /opt # I use Downloads as my data transfer directory whitelist ${HOME}/Downloads/ diff --git a/qpdfview.profile b/qpdfview.profile index bc6e0952..2b39c832 100644 --- a/qpdfview.profile +++ b/qpdfview.profile @@ -9,6 +9,11 @@ whitelist ${HOME}/Documents whitelist ${HOME}/.config/qpdfview +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + private-dev private-etc fonts,X11,alternatives private-bin qpdfview diff --git a/skype.profile b/skype.profile index c14ddbdf..dc71e171 100644 --- a/skype.profile +++ b/skype.profile @@ -1,5 +1,11 @@ whitelist ${HOME}/.Skype whitelist ${HOME}/Downloads + +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + noexec ${HOME}/ noexec /tmp/ caps.drop all diff --git a/synfigstudio.profile b/synfigstudio.profile index fcc97a05..f1b32f72 100644 --- a/synfigstudio.profile +++ b/synfigstudio.profile @@ -1,6 +1,11 @@ whitelist ${DOWNLOADS} whitelist ${HOME}/.synfig +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + private-bin synfigstudio private-etc fonts,X11,synfig,synfig_modules.cfg private-dev diff --git a/virtualbox.profile b/virtualbox.profile index 037e93c9..d5a1a043 100644 --- a/virtualbox.profile 
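Review bot: The new `blacklist /media` and `blacklist /mnt` lines in mpd.profile sit directly under `read-only ${HOME}/Music/` without saying that the music library must now live under the home directory. A library on an external or secondary disk mounted under those paths would presumably become unreadable, which tempts users to drop the profile altogether rather than adjust it. A comment above the block would make the constraint explicit, for example `# music_directory must be under ${HOME}/Music; /media and /mnt are hidden below`.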
+++ b/virtualbox.profile @@ -7,6 +7,11 @@ whitelist ${HOME}/.gtkrc-2.0 whitelist ${HOME}/.gtkrc.mine whitelist ${HOME}/.config/Trolltech.conf +blacklist /boot +blacklist /media +blacklist /mnt +blacklist /opt + whitelist /dev/vboxdrv whitelist /dev/vboxdrvu whitelist /dev/vboxnetctl
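Review bot: The added `blacklist /opt` in virtualbox.profile may hide the application itself, because the generic upstream installer places VirtualBox under /opt/VirtualBox; distribution packages that install elsewhere are unaffected. On an affected system the sandboxed program would fail to start, and users tend to respond by running it unsandboxed. Either drop the /opt line from this profile or document the assumption with a comment such as `# assumes a distro package; remove the /opt line if VirtualBox is installed in /opt/VirtualBox`. The `blacklist /media` and `blacklist /mnt` lines likewise block disk images and ISOs kept on external mounts, which is worth a comment too.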