Merge pull request #5987 from kmk3/profiles-fix-eol-comments
profiles: fix commented code and eol comments
kmk3 authored Sep 8, 2023
2 parents 9ab6b87 + c6d3337 commit 032aa1f
Showing 231 changed files with 555 additions and 547 deletions.
12 changes: 7 additions & 5 deletions etc/inc/disable-common.inc
Expand Up @@ -33,7 +33,8 @@ blacklist-nolog ${HOME}/.viminfo
blacklist-nolog /tmp/clipmenu*

# X11 session autostart
# blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs
# this will kill --x11=xpra cmdline option for all programs
#blacklist ${HOME}/.xpra
blacklist ${HOME}/.Xsession
blacklist ${HOME}/.blackbox
blacklist ${HOME}/.config/autostart
Expand Down Expand Up @@ -241,8 +242,9 @@ blacklist /var/lib/mysql/mysql.sock
blacklist /var/lib/mysqld/mysql.sock
blacklist /var/lib/pacman
blacklist /var/lib/upower
# blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for
# every sandbox, unless --writable-var-log switch is activated
# a virtual /var/log directory (mostly empty) is build up by default for every
# sandbox, unless --writable-var-log switch is activated
#blacklist /var/log
blacklist /var/mail
blacklist /var/opt
blacklist /var/run/acpid.socket
Expand Down Expand Up @@ -562,7 +564,7 @@ blacklist ${PATH}/bmon
blacklist ${PATH}/fping
blacklist ${PATH}/fping6
blacklist ${PATH}/hostname
# blacklist ${PATH}/ip - breaks --ip=dhcp
#blacklist ${PATH}/ip # breaks --ip=dhcp
blacklist ${PATH}/mtr
blacklist ${PATH}/mtr-packet
blacklist ${PATH}/netstat
Expand Down Expand Up @@ -611,8 +613,8 @@ blacklist /tmp/tmux-*
blacklist ${PATH}/gnome-terminal
blacklist ${PATH}/gnome-terminal.wrapper
blacklist ${PATH}/kgx
# blacklist ${PATH}/konsole
# konsole doesn't seem to have this problem - last tested on Ubuntu 16.04
#blacklist ${PATH}/konsole
blacklist ${PATH}/lilyterm
blacklist ${PATH}/lxterminal
blacklist ${PATH}/mate-terminal
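Review bot: The konsole exemption in the last hunk still rests on `last tested on Ubuntu 16.04`, and the moved comment does not say what "this problem" is, so a reader cannot tell whether leaving `${PATH}/konsole` reachable from every sandbox that includes this file is still justified. Since the line is being rewritten anyway, name the problem and the test date in the comment, for example `# konsole: not affected by <problem named above> when last tested (Ubuntu 16.04); re-test before relying on this`. The explanation the comment refers to starts above the hunk, so this is inferred from the visible lines only.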
4 changes: 2 additions & 2 deletions etc/profile-a-l/abiword.profile
Expand Up @@ -44,7 +44,7 @@ private-dev
private-etc @x11
private-tmp

# dbus-user none
# dbus-system none
#dbus-user none
#dbus-system none

restrict-namespaces
12 changes: 6 additions & 6 deletions etc/profile-a-l/akonadi_control.profile
Expand Up @@ -34,25 +34,25 @@ include whitelist-var-common.inc
# disabled options below are not compatible with the apparmor profile for mysqld-akonadi.
# this affects ubuntu and debian currently

# apparmor
#apparmor
caps.drop all
ipc-namespace
netfilter
no3d
nodvd
nogroups
noinput
# nonewprivs
#nonewprivs
noroot
nosound
notv
nou2f
novideo
# protocol unix,inet,inet6,netlink
# seccomp !io_destroy,!io_getevents,!io_setup,!io_submit,!ioprio_set
#protocol unix,inet,inet6,netlink
#seccomp !io_destroy,!io_getevents,!io_setup,!io_submit,!ioprio_set
tracelog

private-dev
# private-tmp - breaks programs that depend on akonadi
#private-tmp # breaks programs that depend on akonadi

# restrict-namespaces
#restrict-namespaces
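Review bot: The header comment above `#apparmor` says the disabled options conflict with the AppArmor profile for mysqld-akonadi on Ubuntu and Debian, yet `#nonewprivs`, `#protocol`, `#seccomp` and `#restrict-namespaces` stay off for every distribution. Other profiles in this commit tell the user how to opt in (`# Add the next line to your bcompare.local if ...`); the same hint would fit here, for example `# If you do not use the mysqld-akonadi AppArmor profile, add the disabled options below to your akonadi_control.local.` Whether the options work elsewhere is not shown on this page, so the wording should stay conditional. `#restrict-namespaces` at the end of the file also sits far from that header comment and would read more clearly with its own reason.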
2 changes: 1 addition & 1 deletion etc/profile-a-l/akregator.profile
Expand Up @@ -49,4 +49,4 @@ private-dev
private-tmp

deterministic-shutdown
# restrict-namespaces
#restrict-namespaces
2 changes: 1 addition & 1 deletion etc/profile-a-l/alacarte.profile
Expand Up @@ -49,7 +49,7 @@ seccomp.block-secondary
tracelog

disable-mnt
# private-bin alacarte,bash,python*,sh
#private-bin alacarte,bash,python*,sh
private-cache
private-dev
private-etc @tls-ca,@x11,mime.types
8 changes: 4 additions & 4 deletions etc/profile-a-l/amarok.profile
Expand Up @@ -26,11 +26,11 @@ notv
nou2f
novideo
protocol unix,inet,inet6
# seccomp
#seccomp

# private-bin amarok
#private-bin amarok
private-dev
# private-etc alternatives,asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,resolv.conf,ssl
#private-etc alternatives,asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,resolv.conf,ssl
private-tmp

dbus-user filter
Expand All @@ -45,4 +45,4 @@ dbus-user.talk org.freedesktop.Notifications
#dbus-user.talk org.kde.knotify
dbus-system none

# restrict-namespaces
#restrict-namespaces
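Review bot: `#seccomp` is left disabled with no reason, as are `#private-bin amarok`, `#private-etc ...` and `#restrict-namespaces` further down, so nothing tells a user whether these are known to break amarok or were simply never tested. This commit settles on the `#option # reason` form (e.g. `#net none # breaks on Ubuntu` in artha.profile); applying it here would look like `#seccomp # breaks <feature>; see issue <NNNN>` with the real cause filled in. The disabled syscall filter is the one most worth documenting, because it removes a whole layer of the sandbox rather than narrowing one path.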
2 changes: 1 addition & 1 deletion etc/profile-a-l/android-studio.profile
Expand Up @@ -36,7 +36,7 @@ protocol unix,inet,inet6
seccomp

private-cache
# private-tmp
#private-tmp

# noexec /tmp breaks 'Android Profiler'
#noexec /tmp
2 changes: 1 addition & 1 deletion etc/profile-a-l/anki.profile
Expand Up @@ -55,4 +55,4 @@ private-tmp
dbus-user none
dbus-system none

# restrict-namespaces
#restrict-namespaces
2 changes: 1 addition & 1 deletion etc/profile-a-l/arduino.profile
Expand Up @@ -21,7 +21,7 @@ caps.drop all
netfilter
no3d
nodvd
# nogroups
#nogroups
nonewprivs
noroot
nosound
2 changes: 1 addition & 1 deletion etc/profile-a-l/aria2c.profile
Expand Up @@ -39,7 +39,7 @@ novideo
protocol unix,inet,inet6,netlink
seccomp

# disable-mnt
#disable-mnt
# Add your custom event hook commands to 'private-bin' in your aria2c.local.
private-bin aria2c,gzip
# Add 'private-cache' to your aria2c.local if you don't use Lutris/winetricks (see issue #2772).
6 changes: 3 additions & 3 deletions etc/profile-a-l/ark.profile
Expand Up @@ -22,7 +22,7 @@ include whitelist-var-common.inc

apparmor
caps.drop all
# net none
#net none
netfilter
nodvd
nogroups
Expand All @@ -42,7 +42,7 @@ private-bin 7z,ark,bash,lrzip,lsar,lz4,lzop,p7zip,rar,sh,tclsh,unar,unrar,unzip,
private-dev
private-tmp

# dbus-user none
# dbus-system none
#dbus-user none
#dbus-system none

restrict-namespaces
2 changes: 1 addition & 1 deletion etc/profile-a-l/artha.profile
Expand Up @@ -35,7 +35,7 @@ include whitelist-var-common.inc
apparmor
caps.drop all
ipc-namespace
# net none - breaks on Ubuntu
#net none # breaks on Ubuntu
no3d
nodvd
nogroups
4 changes: 2 additions & 2 deletions etc/profile-a-l/asunder.profile
Expand Up @@ -26,7 +26,7 @@ apparmor
caps.drop all
netfilter
no3d
# nogroups
#nogroups
noinput
nonewprivs
noroot
Expand All @@ -44,5 +44,5 @@ dbus-user none
dbus-system none

# mdwe is disabled due to breaking hardware accelerated decoding
# memory-deny-write-execute
#memory-deny-write-execute
restrict-namespaces
2 changes: 1 addition & 1 deletion etc/profile-a-l/atom.profile
Expand Up @@ -26,7 +26,7 @@ noblacklist ${HOME}/.config/Atom
# Allows files commonly used by IDEs
include allow-common-devel.inc

# net none
#net none
nosound

# Redirect
4 changes: 2 additions & 2 deletions etc/profile-a-l/atril.profile
Expand Up @@ -22,7 +22,7 @@ include disable-xdg.inc

include whitelist-var-common.inc

# apparmor
#apparmor
caps.drop all
machine-id
no3d
Expand All @@ -44,7 +44,7 @@ private-dev
private-etc
# atril uses webkit gtk to display epub files
# waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0
#private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit
#private-lib webkit2gtk-4.0 # problems on Arch with the new version of WebKit
private-tmp

# webkit gtk killed by memory-deny-write-execute
2 changes: 1 addition & 1 deletion etc/profile-a-l/audacious.profile
Expand Up @@ -36,7 +36,7 @@ protocol unix,inet,inet6
seccomp
tracelog

# private-bin audacious
#private-bin audacious
private-cache
private-dev
private-tmp
4 changes: 2 additions & 2 deletions etc/profile-a-l/audacity.profile
Expand Up @@ -54,7 +54,7 @@ private-etc @x11
private-tmp

# problems on Fedora 27
# dbus-user none
# dbus-system none
#dbus-user none
#dbus-system none

restrict-namespaces
4 changes: 2 additions & 2 deletions etc/profile-a-l/audio-recorder.profile
Expand Up @@ -41,7 +41,7 @@ seccomp
tracelog

disable-mnt
# private-bin audio-recorder
#private-bin audio-recorder
private-cache
private-etc
private-tmp
Expand All @@ -50,5 +50,5 @@ dbus-user filter
dbus-user.talk ca.desrt.dconf
dbus-system none

# memory-deny-write-execute - breaks on Arch
#memory-deny-write-execute # breaks on Arch
restrict-namespaces
12 changes: 6 additions & 6 deletions etc/profile-a-l/authenticator.profile
Expand Up @@ -19,7 +19,7 @@ include disable-exec.inc
include disable-interpreters.inc
include disable-programs.inc

# apparmor
#apparmor
caps.drop all
netfilter
no3d
Expand All @@ -31,19 +31,19 @@ noroot
nosound
notv
nou2f
# novideo
#novideo
protocol unix,inet,inet6
seccomp

disable-mnt
# private-bin authenticator,python*
#private-bin authenticator,python*
private-dev
private-etc @tls-ca
private-tmp

# makes settings immutable
# dbus-user none
# dbus-system none
#dbus-user none
#dbus-system none

#memory-deny-write-execute - breaks on Arch (see issue #1803)
#memory-deny-write-execute # breaks on Arch (see issue #1803)
restrict-namespaces
2 changes: 1 addition & 1 deletion etc/profile-a-l/autokey-common.profile
Expand Up @@ -38,5 +38,5 @@ private-cache
private-dev
private-tmp

#memory-deny-write-execute - breaks on Arch (see issue #1803)
#memory-deny-write-execute # breaks on Arch (see issue #1803)
restrict-namespaces
12 changes: 6 additions & 6 deletions etc/profile-a-l/baloo_file.profile
Expand Up @@ -7,10 +7,10 @@ include globals.local

# Make home directory read-only and allow writing only to ${HOME}/.local/share/baloo
# Note: Baloo will not be able to update the "first run" key in its configuration files.
# mkdir ${HOME}/.local/share/baloo
# read-only ${HOME}
# read-write ${HOME}/.local/share/baloo
# ignore read-write
#mkdir ${HOME}/.local/share/baloo
#read-only ${HOME}
#read-write ${HOME}/.local/share/baloo
#ignore read-write

noblacklist ${HOME}/.config/baloofilerc
noblacklist ${HOME}/.kde/share/config/baloofilerc
Expand All @@ -31,7 +31,7 @@ include whitelist-var-common.inc
apparmor
caps.drop all
machine-id
# net none
#net none
netfilter
no3d
nodvd
Expand All @@ -46,7 +46,7 @@ novideo
protocol unix
# blacklisting of ioprio_set system calls breaks baloo_file
seccomp !ioprio_set
# x11 xorg
#x11 xorg

private-bin baloo_file,baloo_file_extractor,baloo_filemetadata_temp_extractor,kbuildsycoca4
private-cache
10 changes: 5 additions & 5 deletions etc/profile-a-l/baobab.profile
Expand Up @@ -6,13 +6,13 @@ include baobab.local
# Persistent global definitions
include globals.local

# include disable-common.inc
#include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
# include disable-programs.inc
#include disable-programs.inc
include disable-shell.inc
# include disable-xdg.inc
#include disable-xdg.inc

include whitelist-runuser-common.inc

Expand All @@ -37,8 +37,8 @@ private-bin baobab
private-dev
private-tmp

# dbus-user none
# dbus-system none
#dbus-user none
#dbus-system none

read-only ${HOME}
restrict-namespaces
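Review bot: `#include disable-common.inc`, `#include disable-programs.inc` and `#include disable-xdg.inc` are disabled without a stated reason, which leaves the paths those includes blacklist reachable inside the sandbox. Presumably a disk-usage tool must be able to walk them, and `read-only ${HOME}` further down limits writes, but neither is written down. A single comment above the includes would do, e.g. `# baobab needs to read the whole tree to report usage; the disable-* includes below would hide directories from it`, adjusted to whatever the real reason is.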
2 changes: 1 addition & 1 deletion etc/profile-a-l/bcompare.profile
Expand Up @@ -19,7 +19,7 @@ include disable-exec.inc
include disable-interpreters.inc
# Add the next line to your bcompare.local if you don't need to compare files in disable-programs.inc.
#include disable-programs.inc
#include disable-shell.inc - breaks launch
#include disable-shell.inc # breaks launch
include disable-write-mnt.inc

apparmor
4 changes: 2 additions & 2 deletions etc/profile-a-l/bibletime.profile
Expand Up @@ -48,7 +48,7 @@ protocol unix,inet,inet6,netlink
seccomp !chroot

disable-mnt
# private-bin bibletime
#private-bin bibletime
private-cache
private-dev
private-etc @tls-ca,sword,sword.conf
Expand All @@ -57,4 +57,4 @@ private-tmp
dbus-user none
dbus-system none

# restrict-namespaces
#restrict-namespaces
2 changes: 1 addition & 1 deletion etc/profile-a-l/bijiben.profile
Expand Up @@ -48,7 +48,7 @@ tracelog

disable-mnt
private-bin bijiben
# private-cache -- access to .cache/tracker is required
#private-cache # access to .cache/tracker is required
private-dev
private-etc @x11
private-tmp