authorLibravatar smitsohu <smitsohu@gmail.com>2018-02-06 21:38:10 +0100
committerLibravatar smitsohu <smitsohu@gmail.com>2018-02-06 21:38:10 +0100
commit22d7d86c0f9fa2b64ef8f10cfa458f7eeaafe64a (patch)
treeaea67c89991c399255906357db6aced50e36c74c
parentenable private-etc for gwenview (diff)
downloadfirejail-22d7d86c0f9fa2b64ef8f10cfa458f7eeaafe64a.tar.gz
firejail-22d7d86c0f9fa2b64ef8f10cfa458f7eeaafe64a.tar.zst
firejail-22d7d86c0f9fa2b64ef8f10cfa458f7eeaafe64a.zip
further harden KDE
and whitelist some kio settings, because we don't know whether slave processes will run inside or outside the sandbox. This also prevents weird bugs that depend on the sequence in which applications were started.
-rw-r--r--etc/disable-common.inc4
-rw-r--r--etc/whitelist-common.inc3
2 files changed, 7 insertions, 0 deletions
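--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -80,11 +80,15 @@ blacklist ${HOME}/.local/share/plasma
 blacklist ${HOME}/.local/share/solid
 read-only ${HOME}/.cache/ksycoca5_*
 read-only ${HOME}/.config/kdeglobals
+read-only ${HOME}/.config/kio_httprc
+read-only ${HOME}/.config/kiorc
 read-only ${HOME}/.config/kioslaverc
 read-only ${HOME}/.kde/share/config/kdeglobals
+read-only ${HOME}/.kde/share/config/kio_httprc
 read-only ${HOME}/.kde/share/config/kioslaverc
 read-only ${HOME}/.kde/share/kde4/services
 read-only ${HOME}/.kde4/share/config/kdeglobals
+read-only ${HOME}/.kde4/share/config/kio_httprc
 read-only ${HOME}/.kde4/share/config/kioslaverc
 read-only ${HOME}/.kde4/share/kde4/services
 read-only ${HOME}/.local/share/kservices5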
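Review bot: `${HOME}/.config/kiorc` is made read-only only at the XDG path, while `kio_httprc` and `kioslaverc` are also covered under `.kde/share/config` and `.kde4/share/config`. If KDE4 installations keep a `kiorc` in those trees (not visible from this hunk), it stays writable from inside the sandbox; consider adding `read-only ${HOME}/.kde/share/config/kiorc` and `read-only ${HOME}/.kde4/share/config/kiorc` next to the new lines. Also, `read-only` presumably only takes effect on files that already exist when the sandbox starts, so in a profile without a whitelist a missing `kio_httprc` could still be created by the sandboxed program. A one-line comment above the kio entries stating that limit would help later reviewers.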
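--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -55,13 +55,16 @@ whitelist ${HOME}/.config/dconf
 whitelist ${HOME}/.config/Kvantum
 whitelist ${HOME}/.config/Trolltech.conf
 whitelist ${HOME}/.config/kdeglobals
+whitelist ${HOME}/.config/kio_httprc
 whitelist ${HOME}/.config/kioslaverc
 whitelist ${HOME}/.config/qt5ct
 whitelist ${HOME}/.kde/share/config/kdeglobals
+whitelist ${HOME}/.kde/share/config/kio_httprc
 whitelist ${HOME}/.kde/share/config/kioslaverc
 whitelist ${HOME}/.kde/share/config/oxygenrc
 whitelist ${HOME}/.kde/share/icons
 whitelist ${HOME}/.kde4/share/config/kdeglobals
+whitelist ${HOME}/.kde4/share/config/kio_httprc
 whitelist ${HOME}/.kde4/share/config/kioslaverc
 whitelist ${HOME}/.kde4/share/config/oxygenrc
 whitelist ${HOME}/.kde4/share/icons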
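Review bot: The three new `whitelist ... kio_httprc` lines expose the user's real file to every profile that includes this file, and nothing here records that they are meant to be paired with the `read-only` entries added to etc/disable-common.inc in the same commit. A profile that pulls in whitelist-common.inc without disable-common.inc would, as far as this hunk shows, get these files writable, so a sandboxed program could change HTTP settings that unsandboxed KDE applications then read. I would add a comment above the kio lines such as `# kio settings are shared with workers outside the sandbox; keep them read-only (see disable-common.inc)`. `kiorc` is made read-only in the other file but is not whitelisted here; if that is intentional, the same comment should say so.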