author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-03-27 12:13:21 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-27 12:13:21 +0000 |
commit | 0d8fb3d1b41f7c403c0061efda4be35e7ad70344 (patch) | |
tree | cb67019a07fd6f68909e49c6880ad4703d7aa08b | |
parent | RELNOTES: add many profile items (diff) | |
profiles: sort blacklist sections (#6289)
See etc/templates/profile.template.
This is a follow-up to #6286.
-rw-r--r-- | etc/profile-a-l/bpftop.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/cloneit.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/deadlink.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/dexios.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/editorconfiger.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/kdiff3.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/makepkg.profile | 6 | ||||
-rw-r--r-- | etc/profile-m-z/statusof.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/textroom.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/torbrowser.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/tvnamer.profile | 2 |
11 files changed, 13 insertions, 13 deletions
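--- a/etc/profile-a-l/bpftop.profile
+++ b/etc/profile-a-l/bpftop.profile
@@ -7,8 +7,8 @@ include bpftop.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc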
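--- a/etc/profile-a-l/cloneit.profile
+++ b/etc/profile-a-l/cloneit.profile
@@ -7,8 +7,8 @@ include cloneit.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc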
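--- a/etc/profile-a-l/deadlink.profile
+++ b/etc/profile-a-l/deadlink.profile
@@ -6,8 +6,8 @@ include deadlink.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 noblacklist ${HOME}/.config/deadlink
 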
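--- a/etc/profile-a-l/dexios.profile
+++ b/etc/profile-a-l/dexios.profile
@@ -7,8 +7,8 @@ include dexios.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc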
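--- a/etc/profile-a-l/editorconfiger.profile
+++ b/etc/profile-a-l/editorconfiger.profile
@@ -6,8 +6,8 @@ include editorconfiger.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc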
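--- a/etc/profile-a-l/kdiff3.profile
+++ b/etc/profile-a-l/kdiff3.profile
@@ -12,8 +12,8 @@ noblacklist ${HOME}/.config/kdiff3rc
 # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc.
 # By default we deny access only to .ssh and .gnupg.
 #include disable-common.inc
-blacklist ${HOME}/.ssh
 blacklist ${HOME}/.gnupg
+blacklist ${HOME}/.ssh
 
 include disable-devel.inc
 include disable-exec.inc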
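--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -20,11 +20,11 @@ blacklist ${RUNUSER}/wayland-*
 noblacklist ${HOME}/.gnupg
 read-only ${HOME}/.gnupg/trustdb.gpg
 read-only ${HOME}/.gnupg/pubring.kbx
-blacklist ${HOME}/.gnupg/random_seed
-blacklist ${HOME}/.gnupg/pubring.kbx~
-blacklist ${HOME}/.gnupg/private-keys-v1.d
 blacklist ${HOME}/.gnupg/crls.d
 blacklist ${HOME}/.gnupg/openpgp-revocs.d
+blacklist ${HOME}/.gnupg/private-keys-v1.d
+blacklist ${HOME}/.gnupg/pubring.kbx~
+blacklist ${HOME}/.gnupg/random_seed
 
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
 noblacklist /var/lib/pacman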
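Review bot: The `${HOME}/.gnupg` block is a deny-list inside a directory that `noblacklist ${HOME}/.gnupg` opens up, so any file not named in the five sorted `blacklist` lines stays reachable by the build. A legacy keyring such as `secring.gpg` left over from an older GnuPG, for example, is not covered by the lines visible here. The profile continues above and below this hunk, so such entries may be handled elsewhere. Since the commit already touches this list, a comment above it would help, for example `# Deny-list: only the entries below are hidden inside ~/.gnupg; review when GnuPG adds new files there`.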
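--- a/etc/profile-m-z/statusof.profile
+++ b/etc/profile-m-z/statusof.profile
@@ -7,8 +7,8 @@ include statusof.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc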
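--- a/etc/profile-m-z/textroom.profile
+++ b/etc/profile-m-z/textroom.profile
@@ -6,8 +6,8 @@ include textroom.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}/wayland-*
+blacklist /usr/libexec
 
 noblacklist ${HOME}/.config/textroom
 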
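--- a/etc/profile-m-z/torbrowser.profile
+++ b/etc/profile-m-z/torbrowser.profile
@@ -12,8 +12,8 @@ ignore dbus-user none
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
 
-blacklist /usr/libexec
 blacklist /sys/class/net
+blacklist /usr/libexec
 
 mkdir ${HOME}/.cache/mozilla/torbrowser
 mkdir ${HOME}/.mozilla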
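--- a/etc/profile-m-z/tvnamer.profile
+++ b/etc/profile-m-z/tvnamer.profile
@@ -6,8 +6,8 @@ include tvnamer.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 noblacklist ${HOME}/.config/tvnamer
 noblacklist ${VIDEOS}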