aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar Kelvin M. Klann <kmk3.code@protonmail.com>2024-03-27 12:13:47 +0000
committerLibravatar GitHub <noreply@github.com>2024-03-27 12:13:47 +0000
commit0060b5105b1fc74aecae71b60b473451a8b65020 (patch)
tree4b729d3d9b568ba1b251abf8f5ea1ef02724fca5
parentprofiles: sort blacklist sections (#6289) (diff)
downloadfirejail-0060b5105b1fc74aecae71b60b473451a8b65020.tar.gz
firejail-0060b5105b1fc74aecae71b60b473451a8b65020.tar.zst
firejail-0060b5105b1fc74aecae71b60b473451a8b65020.zip
profiles: rename disable-X11.inc to disable-x11.inc (#6294)
That is, make "X11" lowercase so that the order of the includes in the disable- section remain the same when sorted with `LC_ALL=C`, as is the case for most of the other sections. That is also likely to be the default in text editors (such as in vim on Arch), so this should make the disable- section more consistent and easier to sort when editing the profile. Also, keep the old include as a redirect to the new one for now to avoid breakage. Commands used to search and replace: git mv etc/inc/disable-X11.inc etc/inc/disable-x11.inc git grep -Ilz 'disable-X11' -- etc | xargs -0 \ perl -pi -e 's/disable-X11/disable-x11/' Relates to #4462 #4854 #6070 #6289. This is a follow-up to #6286.
Diffstat
-rw-r--r--etc/inc/disable-X11.inc15
-rw-r--r--etc/inc/disable-x11.inc15
-rw-r--r--etc/profile-a-l/agetpkg.profile2
-rw-r--r--etc/profile-a-l/alpine.profile2
-rw-r--r--etc/profile-a-l/aria2c.profile2
-rw-r--r--etc/profile-a-l/bpftop.profile2
-rw-r--r--etc/profile-a-l/build-systems-common.profile2
-rw-r--r--etc/profile-a-l/clac.profile2
-rw-r--r--etc/profile-a-l/cloneit.profile2
-rw-r--r--etc/profile-a-l/cointop.profile2
-rw-r--r--etc/profile-a-l/curl.profile2
-rw-r--r--etc/profile-a-l/daisy.profile2
-rw-r--r--etc/profile-a-l/dbus-send.profile2
-rw-r--r--etc/profile-a-l/deadlink.profile2
-rw-r--r--etc/profile-a-l/dexios.profile2
-rw-r--r--etc/profile-a-l/dig.profile2
-rw-r--r--etc/profile-a-l/dnscrypt-proxy.profile2
-rw-r--r--etc/profile-a-l/dnsmasq.profile2
-rw-r--r--etc/profile-a-l/drill.profile2
-rw-r--r--etc/profile-a-l/editorconfiger.profile2
-rw-r--r--etc/profile-a-l/erd.profile2
-rw-r--r--etc/profile-a-l/fdns.profile2
-rw-r--r--etc/profile-a-l/ftp.profile2
-rw-r--r--etc/profile-a-l/gget.profile2
-rw-r--r--etc/profile-a-l/gist.profile2
-rw-r--r--etc/profile-a-l/git.profile2
-rw-r--r--etc/profile-a-l/gnome-keyring-daemon.profile4
-rw-r--r--etc/profile-a-l/googler-common.profile2
-rw-r--r--etc/profile-a-l/gpg-agent.profile2
-rw-r--r--etc/profile-a-l/gpg.profile2
-rw-r--r--etc/profile-a-l/links-common.profile2
-rw-r--r--etc/profile-a-l/lynx.profile2
-rw-r--r--etc/profile-m-z/makepkg.profile2
-rw-r--r--etc/profile-m-z/mimetype.profile2
-rw-r--r--etc/profile-m-z/mocp.profile2
-rw-r--r--etc/profile-m-z/mutt.profile2
-rw-r--r--etc/profile-m-z/neomutt.profile2
-rw-r--r--etc/profile-m-z/nodejs-common.profile2
-rw-r--r--etc/profile-m-z/nslookup.profile2
-rw-r--r--etc/profile-m-z/ping.profile2
-rw-r--r--etc/profile-m-z/qpdf.profile2
-rw-r--r--etc/profile-m-z/rsync-download_only.profile2
-rw-r--r--etc/profile-m-z/rtv.profile2
-rw-r--r--etc/profile-m-z/seahorse-daemon.profile2
-rw-r--r--etc/profile-m-z/server.profile2
-rw-r--r--etc/profile-m-z/signal-cli.profile2
-rw-r--r--etc/profile-m-z/ssh-agent.profile2
-rw-r--r--etc/profile-m-z/ssmtp.profile2
-rw-r--r--etc/profile-m-z/statusof.profile2
-rw-r--r--etc/profile-m-z/telnet.profile2
-rw-r--r--etc/profile-m-z/termshark.profile2
-rw-r--r--etc/profile-m-z/tin.profile2
-rw-r--r--etc/profile-m-z/tmux.profile2
-rw-r--r--etc/profile-m-z/tracker.profile2
-rw-r--r--etc/profile-m-z/tshark.profile2
-rw-r--r--etc/profile-m-z/tvnamer.profile2
-rw-r--r--etc/profile-m-z/unbound.profile2
-rw-r--r--etc/profile-m-z/w3m.profile2
-rw-r--r--etc/profile-m-z/wget.profile2
-rw-r--r--etc/profile-m-z/whois.profile2
-rw-r--r--etc/profile-m-z/yt-dlp.profile2
-rw-r--r--etc/templates/profile.template4
62 files changed, 81 insertions, 73 deletions
diff --git a/etc/inc/disable-X11.inc b/etc/inc/disable-X11.inc
index d227c7a0b..9f2bb47ae 100644
--- a/etc/inc/disable-X11.inc
+++ b/etc/inc/disable-X11.inc
@@ -2,14 +2,7 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include disable-X11.local 3include disable-X11.local
4 4
5blacklist /tmp/.X11-unix 5# Warning: This file is deprecated; use disable-x11.inc (lowercase) instead.
6blacklist ${HOME}/.Xauthority 6
7blacklist ${RUNUSER}/gdm/Xauthority 7# Redirect
8blacklist ${RUNUSER}/.mutter-Xwaylandauth* 8include disable-x11.inc
9blacklist ${RUNUSER}/xauth_*
10#blacklist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
11blacklist /tmp/xauth*
12blacklist /tmp/.ICE-unix
13blacklist ${RUNUSER}/ICEauthority
14rmenv DISPLAY
15rmenv XAUTHORITY
diff --git a/etc/inc/disable-x11.inc b/etc/inc/disable-x11.inc
new file mode 100644
index 000000000..d78329046
--- /dev/null
+++ b/etc/inc/disable-x11.inc
@@ -0,0 +1,15 @@
1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file.
3include disable-x11.local
4
5blacklist /tmp/.X11-unix
6blacklist ${HOME}/.Xauthority
7blacklist ${RUNUSER}/gdm/Xauthority
8blacklist ${RUNUSER}/.mutter-Xwaylandauth*
9blacklist ${RUNUSER}/xauth_*
10#blacklist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
11blacklist /tmp/xauth*
12blacklist /tmp/.ICE-unix
13blacklist ${RUNUSER}/ICEauthority
14rmenv DISPLAY
15rmenv XAUTHORITY
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
index e455a17db..1bf954e3a 100644
--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@@ -19,7 +19,7 @@ include disable-exec.inc
19include disable-interpreters.inc 19include disable-interpreters.inc
20include disable-programs.inc 20include disable-programs.inc
21include disable-shell.inc 21include disable-shell.inc
22include disable-X11.inc 22include disable-x11.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25whitelist ${DOWNLOADS} 25whitelist ${DOWNLOADS}
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile
index 2ded32959..7ff2058a5 100644
--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@@ -38,7 +38,7 @@ include disable-exec.inc
38include disable-interpreters.inc 38include disable-interpreters.inc
39include disable-programs.inc 39include disable-programs.inc
40include disable-shell.inc 40include disable-shell.inc
41include disable-X11.inc 41include disable-x11.inc
42include disable-xdg.inc 42include disable-xdg.inc
43 43
44#whitelist ${DOCUMENTS} 44#whitelist ${DOCUMENTS}
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile
index 0d70cf381..a3add6a4d 100644
--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@@ -18,7 +18,7 @@ include disable-devel.inc
18include disable-exec.inc 18include disable-exec.inc
19include disable-interpreters.inc 19include disable-interpreters.inc
20include disable-programs.inc 20include disable-programs.inc
21include disable-X11.inc 21include disable-x11.inc
22 22
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24include whitelist-var-common.inc 24include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bpftop.profile b/etc/profile-a-l/bpftop.profile
index 7670f1b4b..d5b723f17 100644
--- a/etc/profile-a-l/bpftop.profile
+++ b/etc/profile-a-l/bpftop.profile
@@ -17,7 +17,7 @@ include disable-interpreters.inc
17include disable-proc.inc 17include disable-proc.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23include whitelist-common.inc 23include whitelist-common.inc
diff --git a/etc/profile-a-l/build-systems-common.profile b/etc/profile-a-l/build-systems-common.profile
index 8616996d2..9761efc72 100644
--- a/etc/profile-a-l/build-systems-common.profile
+++ b/etc/profile-a-l/build-systems-common.profile
@@ -25,7 +25,7 @@ include disable-exec.inc
25include disable-interpreters.inc 25include disable-interpreters.inc
26include disable-programs.inc 26include disable-programs.inc
27include disable-shell.inc 27include disable-shell.inc
28include disable-X11.inc 28include disable-x11.inc
29include disable-xdg.inc 29include disable-xdg.inc
30 30
31#whitelist ${HOME}/Projects 31#whitelist ${HOME}/Projects
diff --git a/etc/profile-a-l/clac.profile b/etc/profile-a-l/clac.profile
index cd2b2522d..7a8104b63 100644
--- a/etc/profile-a-l/clac.profile
+++ b/etc/profile-a-l/clac.profile
@@ -16,7 +16,7 @@ include disable-interpreters.inc
16include disable-proc.inc 16include disable-proc.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-shell.inc 18include disable-shell.inc
19#include disable-X11.inc # x11 none 19#include disable-x11.inc # x11 none
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22#include whitelist-common.inc # see #903 22#include whitelist-common.inc # see #903
diff --git a/etc/profile-a-l/cloneit.profile b/etc/profile-a-l/cloneit.profile
index 827dd1de2..abbeb9d77 100644
--- a/etc/profile-a-l/cloneit.profile
+++ b/etc/profile-a-l/cloneit.profile
@@ -17,7 +17,7 @@ include disable-interpreters.inc
17include disable-proc.inc 17include disable-proc.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23include whitelist-run-common.inc 23include whitelist-run-common.inc
diff --git a/etc/profile-a-l/cointop.profile b/etc/profile-a-l/cointop.profile
index aa053e2f7..fa30331e1 100644
--- a/etc/profile-a-l/cointop.profile
+++ b/etc/profile-a-l/cointop.profile
@@ -17,7 +17,7 @@ include disable-interpreters.inc
17include disable-proc.inc 17include disable-proc.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.config/cointop 23mkdir ${HOME}/.config/cointop
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index 1d9ec5fa4..9044e9ac0 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -25,7 +25,7 @@ blacklist ${RUNUSER}
25include disable-common.inc 25include disable-common.inc
26include disable-exec.inc 26include disable-exec.inc
27include disable-programs.inc 27include disable-programs.inc
28include disable-X11.inc 28include disable-x11.inc
29# Depending on workflow you can add 'include disable-xdg.inc' to your curl.local. 29# Depending on workflow you can add 'include disable-xdg.inc' to your curl.local.
30#include disable-xdg.inc 30#include disable-xdg.inc
31 31
diff --git a/etc/profile-a-l/daisy.profile b/etc/profile-a-l/daisy.profile
index 40b29a1f5..c6e616414 100644
--- a/etc/profile-a-l/daisy.profile
+++ b/etc/profile-a-l/daisy.profile
@@ -15,7 +15,7 @@ include disable-interpreters.inc
15include disable-proc.inc 15include disable-proc.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18#include disable-X11.inc # x11 none 18#include disable-x11.inc # x11 none
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21include whitelist-common.inc 21include whitelist-common.inc
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 3a552b929..b54724aa5 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -16,7 +16,7 @@ include disable-interpreters.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18include disable-write-mnt.inc 18include disable-write-mnt.inc
19include disable-X11.inc 19include disable-x11.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22#include whitelist-common.inc # see #903 22#include whitelist-common.inc # see #903
diff --git a/etc/profile-a-l/deadlink.profile b/etc/profile-a-l/deadlink.profile
index 9b378b455..dd7283ed9 100644
--- a/etc/profile-a-l/deadlink.profile
+++ b/etc/profile-a-l/deadlink.profile
@@ -22,7 +22,7 @@ include disable-interpreters.inc
22include disable-proc.inc 22include disable-proc.inc
23include disable-programs.inc 23include disable-programs.inc
24include disable-shell.inc 24include disable-shell.inc
25include disable-X11.inc 25include disable-x11.inc
26include disable-xdg.inc 26include disable-xdg.inc
27 27
28include whitelist-run-common.inc 28include whitelist-run-common.inc
diff --git a/etc/profile-a-l/dexios.profile b/etc/profile-a-l/dexios.profile
index 7d549d745..936aa9f05 100644
--- a/etc/profile-a-l/dexios.profile
+++ b/etc/profile-a-l/dexios.profile
@@ -17,7 +17,7 @@ include disable-interpreters.inc
17include disable-proc.inc 17include disable-proc.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23whitelist ${DOWNLOADS} 23whitelist ${DOWNLOADS}
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile
index 80eef569c..6a00475f9 100644
--- a/etc/profile-a-l/dig.profile
+++ b/etc/profile-a-l/dig.profile
@@ -17,7 +17,7 @@ include disable-common.inc
17include disable-exec.inc 17include disable-exec.inc
18#include disable-interpreters.inc 18#include disable-interpreters.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23#mkfile ${HOME}/.digrc # see #903 23#mkfile ${HOME}/.digrc # see #903
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile
index e27fa202b..49d201d76 100644
--- a/etc/profile-a-l/dnscrypt-proxy.profile
+++ b/etc/profile-a-l/dnscrypt-proxy.profile
@@ -17,7 +17,7 @@ include disable-devel.inc
17include disable-exec.inc 17include disable-exec.inc
18include disable-interpreters.inc 18include disable-interpreters.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23whitelist /usr/share/dnscrypt-proxy 23whitelist /usr/share/dnscrypt-proxy
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index b41eff3ae..2ce980cb1 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -17,7 +17,7 @@ include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
18include disable-interpreters.inc 18include disable-interpreters.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23whitelist /var/lib/libvirt/dnsmasq 23whitelist /var/lib/libvirt/dnsmasq
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile
index 95e86e5b9..2205f52a0 100644
--- a/etc/profile-a-l/drill.profile
+++ b/etc/profile-a-l/drill.profile
@@ -16,7 +16,7 @@ include disable-common.inc
16include disable-exec.inc 16include disable-exec.inc
17#include disable-interpreters.inc 17#include disable-interpreters.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-X11.inc 19include disable-x11.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22#include whitelist-common.inc # see #903 22#include whitelist-common.inc # see #903
diff --git a/etc/profile-a-l/editorconfiger.profile b/etc/profile-a-l/editorconfiger.profile
index 8812db35f..654d65ee0 100644
--- a/etc/profile-a-l/editorconfiger.profile
+++ b/etc/profile-a-l/editorconfiger.profile
@@ -16,7 +16,7 @@ include disable-interpreters.inc
16include disable-proc.inc 16include disable-proc.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-shell.inc 18include disable-shell.inc
19include disable-X11.inc 19include disable-x11.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22apparmor 22apparmor
diff --git a/etc/profile-a-l/erd.profile b/etc/profile-a-l/erd.profile
index d821f5882..e72b75e75 100644
--- a/etc/profile-a-l/erd.profile
+++ b/etc/profile-a-l/erd.profile
@@ -8,7 +8,7 @@ include erd.local
8include globals.local 8include globals.local
9 9
10include disable-exec.inc 10include disable-exec.inc
11#include disable-X11.inc # x11 none 11#include disable-x11.inc # x11 none
12 12
13apparmor 13apparmor
14caps.drop all 14caps.drop all
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index cacd7025d..2d956f5a4 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -15,7 +15,7 @@ include disable-devel.inc
15include disable-exec.inc 15include disable-exec.inc
16include disable-interpreters.inc 16include disable-interpreters.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-X11.inc 18include disable-x11.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21#include whitelist-usr-share-common.inc 21#include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ftp.profile b/etc/profile-a-l/ftp.profile
index f448ab932..e133deba2 100644
--- a/etc/profile-a-l/ftp.profile
+++ b/etc/profile-a-l/ftp.profile
@@ -17,7 +17,7 @@ include disable-proc.inc
17include disable-programs.inc 17include disable-programs.inc
18#include disable-shell.inc 18#include disable-shell.inc
19include disable-write-mnt.inc 19include disable-write-mnt.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23apparmor 23apparmor
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile
index e0268a68c..eff215381 100644
--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@@ -15,7 +15,7 @@ include disable-exec.inc
15include disable-interpreters.inc 15include disable-interpreters.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18include disable-X11.inc 18include disable-x11.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21whitelist ${DOWNLOADS} 21whitelist ${DOWNLOADS}
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile
index c7be8dcc5..4dff73c54 100644
--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@@ -19,7 +19,7 @@ include disable-devel.inc
19include disable-exec.inc 19include disable-exec.inc
20include disable-interpreters.inc 20include disable-interpreters.inc
21include disable-programs.inc 21include disable-programs.inc
22include disable-X11.inc 22include disable-x11.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25mkdir ${HOME}/.gist 25mkdir ${HOME}/.gist
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile
index a900e10f3..f2fd63e1b 100644
--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@@ -33,7 +33,7 @@ blacklist ${RUNUSER}/wayland-*
33include disable-common.inc 33include disable-common.inc
34include disable-exec.inc 34include disable-exec.inc
35include disable-programs.inc 35include disable-programs.inc
36include disable-X11.inc 36include disable-x11.inc
37 37
38whitelist /usr/share/git 38whitelist /usr/share/git
39whitelist /usr/share/git-core 39whitelist /usr/share/git-core
diff --git a/etc/profile-a-l/gnome-keyring-daemon.profile b/etc/profile-a-l/gnome-keyring-daemon.profile
index 0370b0472..b8c51991c 100644
--- a/etc/profile-a-l/gnome-keyring-daemon.profile
+++ b/etc/profile-a-l/gnome-keyring-daemon.profile
@@ -14,8 +14,8 @@ include disable-devel.inc
14include disable-exec.inc 14include disable-exec.inc
15include disable-interpreters.inc 15include disable-interpreters.inc
16include disable-programs.inc 16include disable-programs.inc
17#include disable-X11.inc # x11 none 17#include disable-x11.inc # x11 none
18include disable-X11.inc 18include disable-x11.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21whitelist ${RUNUSER}/gnupg 21whitelist ${RUNUSER}/gnupg
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile
index e1ec5f4b9..823228612 100644
--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@@ -22,7 +22,7 @@ include disable-exec.inc
22include disable-interpreters.inc 22include disable-interpreters.inc
23include disable-programs.inc 23include disable-programs.inc
24include disable-shell.inc 24include disable-shell.inc
25include disable-X11.inc 25include disable-x11.inc
26include disable-xdg.inc 26include disable-xdg.inc
27 27
28whitelist ${HOME}/.w3m 28whitelist ${HOME}/.w3m
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile
index 29249cf21..102a4ef24 100644
--- a/etc/profile-a-l/gpg-agent.profile
+++ b/etc/profile-a-l/gpg-agent.profile
@@ -15,7 +15,7 @@ include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
16include disable-interpreters.inc 16include disable-interpreters.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-X11.inc 18include disable-x11.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21mkdir ${HOME}/.gnupg 21mkdir ${HOME}/.gnupg
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile
index 02dd3b076..6becc80eb 100644
--- a/etc/profile-a-l/gpg.profile
+++ b/etc/profile-a-l/gpg.profile
@@ -15,7 +15,7 @@ include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
16include disable-interpreters.inc 16include disable-interpreters.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-X11.inc 18include disable-x11.inc
19 19
20whitelist ${RUNUSER}/gnupg 20whitelist ${RUNUSER}/gnupg
21whitelist ${RUNUSER}/keyring 21whitelist ${RUNUSER}/keyring
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile
index 4bab6b0cc..fd0aab879 100644
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -13,7 +13,7 @@ include disable-interpreters.inc
13# Additional noblacklist files/directories (blacklisted in disable-programs.inc) 13# Additional noblacklist files/directories (blacklisted in disable-programs.inc)
14# used as associated programs can be added in your links-common.local. 14# used as associated programs can be added in your links-common.local.
15include disable-programs.inc 15include disable-programs.inc
16include disable-X11.inc 16include disable-x11.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile
index 2c61147ec..233bdafb6 100644
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -13,7 +13,7 @@ include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-interpreters.inc 14include disable-interpreters.inc
15include disable-programs.inc 15include disable-programs.inc
16include disable-X11.inc 16include disable-x11.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19include whitelist-runuser-common.inc 19include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile
index a8dd3988b..148e06840 100644
--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -32,7 +32,7 @@ noblacklist /var/lib/pacman
32include disable-common.inc 32include disable-common.inc
33include disable-exec.inc 33include disable-exec.inc
34include disable-programs.inc 34include disable-programs.inc
35include disable-X11.inc 35include disable-x11.inc
36 36
37caps.drop all 37caps.drop all
38ipc-namespace 38ipc-namespace
diff --git a/etc/profile-m-z/mimetype.profile b/etc/profile-m-z/mimetype.profile
index 4b62624bb..6d9af90cb 100644
--- a/etc/profile-m-z/mimetype.profile
+++ b/etc/profile-m-z/mimetype.profile
@@ -11,7 +11,7 @@ blacklist ${RUNUSER}/wayland-*
11 11
12include disable-exec.inc 12include disable-exec.inc
13include disable-proc.inc 13include disable-proc.inc
14include disable-X11.inc 14include disable-x11.inc
15 15
16apparmor 16apparmor
17caps.drop all 17caps.drop all
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile
index d80e263b6..18e7331f3 100644
--- a/etc/profile-m-z/mocp.profile
+++ b/etc/profile-m-z/mocp.profile
@@ -18,7 +18,7 @@ include disable-exec.inc
18include disable-interpreters.inc 18include disable-interpreters.inc
19include disable-proc.inc 19include disable-proc.inc
20include disable-programs.inc 20include disable-programs.inc
21include disable-X11.inc 21include disable-x11.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.moc 24mkdir ${HOME}/.moc
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 447301d46..0f43a9335 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -50,7 +50,7 @@ include disable-devel.inc
50include disable-exec.inc 50include disable-exec.inc
51include disable-interpreters.inc 51include disable-interpreters.inc
52include disable-programs.inc 52include disable-programs.inc
53include disable-X11.inc 53include disable-x11.inc
54include disable-xdg.inc 54include disable-xdg.inc
55 55
56mkdir ${HOME}/.Mail 56mkdir ${HOME}/.Mail
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile
index 22720422b..4101e74ee 100644
--- a/etc/profile-m-z/neomutt.profile
+++ b/etc/profile-m-z/neomutt.profile
@@ -48,7 +48,7 @@ include disable-devel.inc
48include disable-exec.inc 48include disable-exec.inc
49include disable-interpreters.inc 49include disable-interpreters.inc
50include disable-programs.inc 50include disable-programs.inc
51include disable-X11.inc 51include disable-x11.inc
52include disable-xdg.inc 52include disable-xdg.inc
53 53
54mkdir ${HOME}/.Mail 54mkdir ${HOME}/.Mail
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
index f301196c6..43fafc3de 100644
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -39,7 +39,7 @@ include disable-common.inc
39include disable-exec.inc 39include disable-exec.inc
40include disable-programs.inc 40include disable-programs.inc
41include disable-shell.inc 41include disable-shell.inc
42include disable-X11.inc 42include disable-x11.inc
43include disable-xdg.inc 43include disable-xdg.inc
44 44
45# If you want whitelisting, change ${HOME}/Projects below to your node projects directory 45# If you want whitelisting, change ${HOME}/Projects below to your node projects directory
diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile
index aae506b0b..5313d2906 100644
--- a/etc/profile-m-z/nslookup.profile
+++ b/etc/profile-m-z/nslookup.profile
@@ -16,7 +16,7 @@ include disable-devel.inc
16include disable-exec.inc 16include disable-exec.inc
17include disable-interpreters.inc 17include disable-interpreters.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-X11.inc 19include disable-x11.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22whitelist ${HOME}/.nslookuprc 22whitelist ${HOME}/.nslookuprc
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile
index c3aa0a501..785de68cb 100644
--- a/etc/profile-m-z/ping.profile
+++ b/etc/profile-m-z/ping.profile
@@ -15,7 +15,7 @@ include disable-exec.inc
15include disable-interpreters.inc 15include disable-interpreters.inc
16include disable-proc.inc 16include disable-proc.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-X11.inc 18include disable-x11.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21#include whitelist-common.inc # see #903 21#include whitelist-common.inc # see #903
diff --git a/etc/profile-m-z/qpdf.profile b/etc/profile-m-z/qpdf.profile
index edec7cf0a..a5b65aa8e 100644
--- a/etc/profile-m-z/qpdf.profile
+++ b/etc/profile-m-z/qpdf.profile
@@ -18,7 +18,7 @@ include disable-interpreters.inc
18include disable-proc.inc 18include disable-proc.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-shell.inc 20include disable-shell.inc
21include disable-X11.inc 21include disable-x11.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24whitelist ${DOCUMENTS} 24whitelist ${DOCUMENTS}
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile
index 52ccb4309..12724a077 100644
--- a/etc/profile-m-z/rsync-download_only.profile
+++ b/etc/profile-m-z/rsync-download_only.profile
@@ -19,7 +19,7 @@ include disable-exec.inc
19include disable-interpreters.inc 19include disable-interpreters.inc
20include disable-programs.inc 20include disable-programs.inc
21include disable-shell.inc 21include disable-shell.inc
22include disable-X11.inc 22include disable-x11.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25# Add the next line to your rsync-download_only.local to enable extra hardening. 25# Add the next line to your rsync-download_only.local to enable extra hardening.
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile
index e719b0d0d..5219f73f6 100644
--- a/etc/profile-m-z/rtv.profile
+++ b/etc/profile-m-z/rtv.profile
@@ -27,7 +27,7 @@ include disable-devel.inc
27include disable-exec.inc 27include disable-exec.inc
28include disable-interpreters.inc 28include disable-interpreters.inc
29include disable-programs.inc 29include disable-programs.inc
30include disable-X11.inc 30include disable-x11.inc
31include disable-xdg.inc 31include disable-xdg.inc
32 32
33mkdir ${HOME}/.config/rtv 33mkdir ${HOME}/.config/rtv
diff --git a/etc/profile-m-z/seahorse-daemon.profile b/etc/profile-m-z/seahorse-daemon.profile
index b3ead7191..f409b1930 100644
--- a/etc/profile-m-z/seahorse-daemon.profile
+++ b/etc/profile-m-z/seahorse-daemon.profile
@@ -9,7 +9,7 @@ include seahorse-daemon.local
9#include globals.local 9#include globals.local
10 10
11blacklist ${RUNUSER}/wayland-* 11blacklist ${RUNUSER}/wayland-*
12include disable-X11.inc 12include disable-x11.inc
13 13
14memory-deny-write-execute 14memory-deny-write-execute
15 15
diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile
index a77cf7e0b..a2978ab19 100644
--- a/etc/profile-m-z/server.profile
+++ b/etc/profile-m-z/server.profile
@@ -44,7 +44,7 @@ include disable-common.inc
44#include disable-interpreters.inc 44#include disable-interpreters.inc
45include disable-programs.inc 45include disable-programs.inc
46include disable-write-mnt.inc 46include disable-write-mnt.inc
47include disable-X11.inc 47include disable-x11.inc
48include disable-xdg.inc 48include disable-xdg.inc
49 49
50#include whitelist-runuser-common.inc 50#include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile
index 979d71b33..67bb45141 100644
--- a/etc/profile-m-z/signal-cli.profile
+++ b/etc/profile-m-z/signal-cli.profile
@@ -17,7 +17,7 @@ include disable-devel.inc
17include disable-exec.inc 17include disable-exec.inc
18include disable-interpreters.inc 18include disable-interpreters.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.local/share/signal-cli 23mkdir ${HOME}/.local/share/signal-cli
diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile
index 6630244be..97ddfd292 100644
--- a/etc/profile-m-z/ssh-agent.profile
+++ b/etc/profile-m-z/ssh-agent.profile
@@ -13,7 +13,7 @@ blacklist ${RUNUSER}/wayland-*
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-programs.inc 15include disable-programs.inc
16include disable-X11.inc 16include disable-x11.inc
17 17
18include whitelist-usr-share-common.inc 18include whitelist-usr-share-common.inc
19 19
diff --git a/etc/profile-m-z/ssmtp.profile b/etc/profile-m-z/ssmtp.profile
index 356a732e7..8e2c21498 100644
--- a/etc/profile-m-z/ssmtp.profile
+++ b/etc/profile-m-z/ssmtp.profile
@@ -24,7 +24,7 @@ include disable-interpreters.inc
24include disable-proc.inc 24include disable-proc.inc
25include disable-programs.inc 25include disable-programs.inc
26include disable-shell.inc 26include disable-shell.inc
27include disable-X11.inc 27include disable-x11.inc
28include disable-xdg.inc 28include disable-xdg.inc
29 29
30mkfile ${HOME}/dead.letter 30mkfile ${HOME}/dead.letter
diff --git a/etc/profile-m-z/statusof.profile b/etc/profile-m-z/statusof.profile
index 45da84e11..6422f979b 100644
--- a/etc/profile-m-z/statusof.profile
+++ b/etc/profile-m-z/statusof.profile
@@ -20,7 +20,7 @@ include disable-interpreters.inc
20include disable-proc.inc 20include disable-proc.inc
21include disable-programs.inc 21include disable-programs.inc
22include disable-shell.inc 22include disable-shell.inc
23include disable-X11.inc 23include disable-x11.inc
24include disable-xdg.inc 24include disable-xdg.inc
25 25
26include whitelist-common.inc 26include whitelist-common.inc
diff --git a/etc/profile-m-z/telnet.profile b/etc/profile-m-z/telnet.profile
index 13a47c958..ec27b89a8 100644
--- a/etc/profile-m-z/telnet.profile
+++ b/etc/profile-m-z/telnet.profile
@@ -17,7 +17,7 @@ include disable-proc.inc
17include disable-programs.inc 17include disable-programs.inc
18#include disable-shell.inc 18#include disable-shell.inc
19include disable-write-mnt.inc 19include disable-write-mnt.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23apparmor 23apparmor
diff --git a/etc/profile-m-z/termshark.profile b/etc/profile-m-z/termshark.profile
index bdee14e64..64f52cf6d 100644
--- a/etc/profile-m-z/termshark.profile
+++ b/etc/profile-m-z/termshark.profile
@@ -10,7 +10,7 @@ include termshark.local
10 10
11blacklist ${RUNUSER} 11blacklist ${RUNUSER}
12 12
13include disable-X11.inc 13include disable-x11.inc
14 14
15# Redirect 15# Redirect
16include wireshark.profile 16include wireshark.profile
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile
index 7c1d534e9..865735a79 100644
--- a/etc/profile-m-z/tin.profile
+++ b/etc/profile-m-z/tin.profile
@@ -18,7 +18,7 @@ include disable-exec.inc
18include disable-interpreters.inc 18include disable-interpreters.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-shell.inc 20include disable-shell.inc
21include disable-X11.inc 21include disable-x11.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.tin 24mkdir ${HOME}/.tin
diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile
index 55d84a618..a846b7f02 100644
--- a/etc/profile-m-z/tmux.profile
+++ b/etc/profile-m-z/tmux.profile
@@ -15,7 +15,7 @@ noblacklist /tmp/tmux-*
15#include disable-devel.inc 15#include disable-devel.inc
16#include disable-exec.inc 16#include disable-exec.inc
17#include disable-programs.inc 17#include disable-programs.inc
18include disable-X11.inc 18include disable-x11.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
diff --git a/etc/profile-m-z/tracker.profile b/etc/profile-m-z/tracker.profile
index 8a3464496..d7de4310f 100644
--- a/etc/profile-m-z/tracker.profile
+++ b/etc/profile-m-z/tracker.profile
@@ -15,7 +15,7 @@ include disable-devel.inc
15include disable-interpreters.inc 15include disable-interpreters.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18include disable-X11.inc 18include disable-x11.inc
19 19
20include whitelist-runuser-common.inc 20include whitelist-runuser-common.inc
21 21
diff --git a/etc/profile-m-z/tshark.profile b/etc/profile-m-z/tshark.profile
index fab45a334..8e57de6cb 100644
--- a/etc/profile-m-z/tshark.profile
+++ b/etc/profile-m-z/tshark.profile
@@ -9,7 +9,7 @@ include tshark.local
9 9
10blacklist ${RUNUSER} 10blacklist ${RUNUSER}
11 11
12include disable-X11.inc 12include disable-x11.inc
13 13
14# Redirect 14# Redirect
15include wireshark.profile 15include wireshark.profile
diff --git a/etc/profile-m-z/tvnamer.profile b/etc/profile-m-z/tvnamer.profile
index 19c94feea..c71434f2a 100644
--- a/etc/profile-m-z/tvnamer.profile
+++ b/etc/profile-m-z/tvnamer.profile
@@ -23,7 +23,7 @@ include disable-interpreters.inc
23include disable-programs.inc 23include disable-programs.inc
24include disable-proc.inc 24include disable-proc.inc
25include disable-shell.inc 25include disable-shell.inc
26include disable-X11.inc 26include disable-x11.inc
27include disable-xdg.inc 27include disable-xdg.inc
28 28
29mkdir ${HOME}/.config/tvnamer 29mkdir ${HOME}/.config/tvnamer
diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile
index dfce92e2d..c12054d47 100644
--- a/etc/profile-m-z/unbound.profile
+++ b/etc/profile-m-z/unbound.profile
@@ -16,7 +16,7 @@ include disable-devel.inc
16include disable-exec.inc 16include disable-exec.inc
17include disable-interpreters.inc 17include disable-interpreters.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-X11.inc 19include disable-x11.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22whitelist /usr/share/dns 22whitelist /usr/share/dns
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile
index 4e2f1bb3e..6c8d84ea4 100644
--- a/etc/profile-m-z/w3m.profile
+++ b/etc/profile-m-z/w3m.profile
@@ -28,7 +28,7 @@ include disable-exec.inc
28include disable-interpreters.inc 28include disable-interpreters.inc
29include disable-programs.inc 29include disable-programs.inc
30include disable-shell.inc 30include disable-shell.inc
31include disable-X11.inc 31include disable-x11.inc
32include disable-xdg.inc 32include disable-xdg.inc
33 33
34mkdir ${HOME}/.w3m 34mkdir ${HOME}/.w3m
diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile
index 90a1d3d7a..dacfd739e 100644
--- a/etc/profile-m-z/wget.profile
+++ b/etc/profile-m-z/wget.profile
@@ -23,7 +23,7 @@ include disable-exec.inc
23include disable-interpreters.inc 23include disable-interpreters.inc
24include disable-programs.inc 24include disable-programs.inc
25include disable-shell.inc 25include disable-shell.inc
26include disable-X11.inc 26include disable-x11.inc
27# Depending on workflow you can add the next line to your wget.local. 27# Depending on workflow you can add the next line to your wget.local.
28#include disable-xdg.inc 28#include disable-xdg.inc
29 29
diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile
index e7f66cf76..42ce3bc5c 100644
--- a/etc/profile-m-z/whois.profile
+++ b/etc/profile-m-z/whois.profile
@@ -14,7 +14,7 @@ include disable-devel.inc
14include disable-exec.inc 14include disable-exec.inc
15include disable-interpreters.inc 15include disable-interpreters.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-X11.inc 17include disable-x11.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile
index 6dd9d03a3..41cf907bd 100644
--- a/etc/profile-m-z/yt-dlp.profile
+++ b/etc/profile-m-z/yt-dlp.profile
@@ -37,7 +37,7 @@ include disable-exec.inc
37include disable-interpreters.inc 37include disable-interpreters.inc
38include disable-programs.inc 38include disable-programs.inc
39include disable-shell.inc 39include disable-shell.inc
40include disable-X11.inc 40include disable-x11.inc
41include disable-xdg.inc 41include disable-xdg.inc
42 42
43include whitelist-usr-share-common.inc 43include whitelist-usr-share-common.inc
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 29ea55439..347cbeb3c 100644
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -120,7 +120,7 @@ include globals.local
120#include disable-programs.inc 120#include disable-programs.inc
121#include disable-shell.inc 121#include disable-shell.inc
122#include disable-write-mnt.inc 122#include disable-write-mnt.inc
123#include disable-X11.inc 123#include disable-x11.inc
124#include disable-xdg.inc 124#include disable-xdg.inc
125 125
126# This section often mirrors noblacklist section above. The idea is 126# This section often mirrors noblacklist section above. The idea is
@@ -181,7 +181,7 @@ include globals.local
181#seccomp.block-secondary 181#seccomp.block-secondary
182##seccomp-error-action log (only for debugging seccomp issues) 182##seccomp-error-action log (only for debugging seccomp issues)
183#tracelog 183#tracelog
184# Prefer 'x11 none' instead of 'disable-X11.inc' if 'net none' is set 184# Prefer 'x11 none' instead of 'disable-x11.inc' if 'net none' is set
185##x11 none 185##x11 none
186 186
187#disable-mnt 187#disable-mnt
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 14:33:48 +0000