diff options
author | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-08-19 07:35:55 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-19 07:35:55 +0000 |
commit | 2e9a23d30cbcd6357a061f208492382dda215e17 (patch) | |
tree | 1e2213cef0066dd31ce82571de7dedc1f46f48ab | |
parent | readme (diff) | |
download | firejail-2e9a23d30cbcd6357a061f208492382dda215e17.tar.gz firejail-2e9a23d30cbcd6357a061f208492382dda215e17.tar.zst firejail-2e9a23d30cbcd6357a061f208492382dda215e17.zip |
noblacklist but no blacklist (#2886)
* beginn fixup
* continue
* continue
* continue
* continue
* continue
* continue
-rw-r--r-- | etc/atom.profile | 1 | ||||
-rw-r--r-- | etc/code.profile | 1 | ||||
-rw-r--r-- | etc/disable-programs.inc | 3 | ||||
-rw-r--r-- | etc/emacs.profile | 1 | ||||
-rw-r--r-- | etc/geany.profile | 1 | ||||
-rw-r--r-- | etc/gedit.profile | 1 | ||||
-rw-r--r-- | etc/git.profile | 1 | ||||
-rw-r--r-- | etc/gnome-builder.profile | 1 | ||||
-rw-r--r-- | etc/gnome-schedule.profile | 6 | ||||
-rw-r--r-- | etc/gnome-system-log.profile | 2 | ||||
-rw-r--r-- | etc/mutt.profile | 1 | ||||
-rw-r--r-- | etc/nethack-vultures.profile | 1 | ||||
-rw-r--r-- | etc/pluma.profile | 1 | ||||
-rw-r--r-- | etc/ppsspp.profile | 2 | ||||
-rw-r--r-- | etc/pycharm-community.profile | 1 | ||||
-rw-r--r-- | etc/qutebrowser.profile | 2 | ||||
-rw-r--r-- | etc/scallion.profile | 1 | ||||
-rw-r--r-- | etc/seahorse-tool.profile | 2 | ||||
-rw-r--r-- | etc/seahorse.profile | 1 | ||||
-rw-r--r-- | etc/steam.profile | 2 | ||||
-rw-r--r-- | etc/vim.profile | 1 | ||||
-rw-r--r-- | etc/wine.profile | 2 | ||||
-rw-r--r-- | etc/xed.profile | 1 | ||||
-rw-r--r-- | etc/xmr-stak.profile | 1 |
24 files changed, 3 insertions, 34 deletions
diff --git a/etc/atom.profile b/etc/atom.profile index 8928baf5d..4bb37552b 100644 --- a/etc/atom.profile +++ b/etc/atom.profile | |||
@@ -19,7 +19,6 @@ noblacklist ${HOME}/.git-credentials | |||
19 | noblacklist ${HOME}/.python-history | 19 | noblacklist ${HOME}/.python-history |
20 | noblacklist ${HOME}/.python_history | 20 | noblacklist ${HOME}/.python_history |
21 | noblacklist ${HOME}/.pythonhist | 21 | noblacklist ${HOME}/.pythonhist |
22 | noblacklist ${HOME}/.pythonrc.py | ||
23 | 22 | ||
24 | include disable-common.inc | 23 | include disable-common.inc |
25 | include disable-exec.inc | 24 | include disable-exec.inc |
diff --git a/etc/code.profile b/etc/code.profile index 6faf429e1..76320d56b 100644 --- a/etc/code.profile +++ b/etc/code.profile | |||
@@ -15,7 +15,6 @@ noblacklist ${HOME}/.git-credentials | |||
15 | noblacklist ${HOME}/.python-history | 15 | noblacklist ${HOME}/.python-history |
16 | noblacklist ${HOME}/.python_history | 16 | noblacklist ${HOME}/.python_history |
17 | noblacklist ${HOME}/.pythonhist | 17 | noblacklist ${HOME}/.pythonhist |
18 | noblacklist ${HOME}/.pythonrc.py | ||
19 | noblacklist ${HOME}/.vscode | 18 | noblacklist ${HOME}/.vscode |
20 | noblacklist ${HOME}/.vscode-oss | 19 | noblacklist ${HOME}/.vscode-oss |
21 | 20 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index a3f7c570b..36afb606a 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -641,6 +641,8 @@ blacklist ${HOME}/.tuxguitar* | |||
641 | blacklist ${HOME}/.unknown-horizons | 641 | blacklist ${HOME}/.unknown-horizons |
642 | blacklist ${HOME}/.viking | 642 | blacklist ${HOME}/.viking |
643 | blacklist ${HOME}/.viking-maps | 643 | blacklist ${HOME}/.viking-maps |
644 | blacklist ${HOME}/.vim | ||
645 | blacklist ${HOME}/.vimrc | ||
644 | blacklist ${HOME}/.vscode | 646 | blacklist ${HOME}/.vscode |
645 | blacklist ${HOME}/.vscode-oss | 647 | blacklist ${HOME}/.vscode-oss |
646 | blacklist ${HOME}/.vst | 648 | blacklist ${HOME}/.vst |
@@ -732,6 +734,7 @@ blacklist ${HOME}/.cache/libgweather | |||
732 | blacklist ${HOME}/.cache/liferea | 734 | blacklist ${HOME}/.cache/liferea |
733 | blacklist ${HOME}/.cache/Mendeley Ltd. | 735 | blacklist ${HOME}/.cache/Mendeley Ltd. |
734 | blacklist ${HOME}/.cache/midori | 736 | blacklist ${HOME}/.cache/midori |
737 | blacklist ${HOME}/.cache/minetest | ||
735 | blacklist ${HOME}/.cache/moonchild productions/basilisk | 738 | blacklist ${HOME}/.cache/moonchild productions/basilisk |
736 | blacklist ${HOME}/.cache/moonchild productions/pale moon | 739 | blacklist ${HOME}/.cache/moonchild productions/pale moon |
737 | blacklist ${HOME}/.cache/mozilla | 740 | blacklist ${HOME}/.cache/mozilla |
diff --git a/etc/emacs.profile b/etc/emacs.profile index f8b451f02..95a4dd6b2 100644 --- a/etc/emacs.profile +++ b/etc/emacs.profile | |||
@@ -14,7 +14,6 @@ noblacklist ${HOME}/.emacs.d | |||
14 | noblacklist ${HOME}/.python-history | 14 | noblacklist ${HOME}/.python-history |
15 | noblacklist ${HOME}/.python_history | 15 | noblacklist ${HOME}/.python_history |
16 | noblacklist ${HOME}/.pythonhist | 16 | noblacklist ${HOME}/.pythonhist |
17 | noblacklist ${HOME}/.pythonrc.py | ||
18 | 17 | ||
19 | include disable-common.inc | 18 | include disable-common.inc |
20 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
diff --git a/etc/geany.profile b/etc/geany.profile index 2cffb8777..53a718d63 100644 --- a/etc/geany.profile +++ b/etc/geany.profile | |||
@@ -13,7 +13,6 @@ noblacklist ${HOME}/.git-credentials | |||
13 | noblacklist ${HOME}/.python-history | 13 | noblacklist ${HOME}/.python-history |
14 | noblacklist ${HOME}/.python_history | 14 | noblacklist ${HOME}/.python_history |
15 | noblacklist ${HOME}/.pythonhist | 15 | noblacklist ${HOME}/.pythonhist |
16 | noblacklist ${HOME}/.pythonrc.py | ||
17 | 16 | ||
18 | include disable-common.inc | 17 | include disable-common.inc |
19 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
diff --git a/etc/gedit.profile b/etc/gedit.profile index ed6efc3b6..763d33eb1 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile | |||
@@ -14,7 +14,6 @@ noblacklist ${HOME}/.git-credentials | |||
14 | noblacklist ${HOME}/.python-history | 14 | noblacklist ${HOME}/.python-history |
15 | noblacklist ${HOME}/.python_history | 15 | noblacklist ${HOME}/.python_history |
16 | noblacklist ${HOME}/.pythonhist | 16 | noblacklist ${HOME}/.pythonhist |
17 | noblacklist ${HOME}/.pythonrc.py | ||
18 | 17 | ||
19 | include disable-common.inc | 18 | include disable-common.inc |
20 | # include disable-devel.inc | 19 | # include disable-devel.inc |
diff --git a/etc/git.profile b/etc/git.profile index f7c812e65..8b1c81ca4 100644 --- a/etc/git.profile +++ b/etc/git.profile | |||
@@ -15,7 +15,6 @@ noblacklist ${HOME}/.gitconfig | |||
15 | noblacklist ${HOME}/.git-credentials | 15 | noblacklist ${HOME}/.git-credentials |
16 | noblacklist ${HOME}/.gnupg | 16 | noblacklist ${HOME}/.gnupg |
17 | noblacklist ${HOME}/.nanorc | 17 | noblacklist ${HOME}/.nanorc |
18 | noblacklist ${HOME}/.oh-my-zsh | ||
19 | noblacklist ${HOME}/.ssh | 18 | noblacklist ${HOME}/.ssh |
20 | noblacklist ${HOME}/.vim | 19 | noblacklist ${HOME}/.vim |
21 | noblacklist ${HOME}/.viminfo | 20 | noblacklist ${HOME}/.viminfo |
diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile index dfa1a5da8..46281af6e 100644 --- a/etc/gnome-builder.profile +++ b/etc/gnome-builder.profile | |||
@@ -14,7 +14,6 @@ noblacklist ${HOME}/.git-credentials | |||
14 | noblacklist ${HOME}/.python-history | 14 | noblacklist ${HOME}/.python-history |
15 | noblacklist ${HOME}/.python_history | 15 | noblacklist ${HOME}/.python_history |
16 | noblacklist ${HOME}/.pythonhist | 16 | noblacklist ${HOME}/.pythonhist |
17 | noblacklist ${HOME}/.pythonrc.py | ||
18 | 17 | ||
19 | include disable-common.inc | 18 | include disable-common.inc |
20 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
diff --git a/etc/gnome-schedule.profile b/etc/gnome-schedule.profile index 6c9c83e5f..e8b36dd41 100644 --- a/etc/gnome-schedule.profile +++ b/etc/gnome-schedule.profile | |||
@@ -13,15 +13,9 @@ noblacklist ${PATH}/at | |||
13 | noblacklist ${PATH}/crontab | 13 | noblacklist ${PATH}/crontab |
14 | 14 | ||
15 | # Needs access to these files/dirs | 15 | # Needs access to these files/dirs |
16 | noblacklist /etc/at.allow | ||
17 | noblacklist /etc/at.deny | ||
18 | noblacklist /etc/cron.allow | 16 | noblacklist /etc/cron.allow |
19 | noblacklist /etc/cron.deny | 17 | noblacklist /etc/cron.deny |
20 | noblacklist /etc/fonts | ||
21 | noblacklist /etc/ld.so.preload | ||
22 | noblacklist /etc/pam.d | ||
23 | noblacklist /etc/shadow | 18 | noblacklist /etc/shadow |
24 | noblacklist /var/spool/at | ||
25 | noblacklist /var/spool/cron | 19 | noblacklist /var/spool/cron |
26 | 20 | ||
27 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) | 21 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) |
diff --git a/etc/gnome-system-log.profile b/etc/gnome-system-log.profile index f1347a8dc..b2907b32c 100644 --- a/etc/gnome-system-log.profile +++ b/etc/gnome-system-log.profile | |||
@@ -6,8 +6,6 @@ include gnome-system-log.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /var/log | ||
10 | |||
11 | include disable-common.inc | 9 | include disable-common.inc |
12 | include disable-devel.inc | 10 | include disable-devel.inc |
13 | include disable-exec.inc | 11 | include disable-exec.inc |
diff --git a/etc/mutt.profile b/etc/mutt.profile index c424dbb85..92babd50f 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile | |||
@@ -17,7 +17,6 @@ noblacklist ${HOME}/.emacs | |||
17 | noblacklist ${HOME}/.emacs.d | 17 | noblacklist ${HOME}/.emacs.d |
18 | noblacklist ${HOME}/.gnupg | 18 | noblacklist ${HOME}/.gnupg |
19 | noblacklist ${HOME}/.mail | 19 | noblacklist ${HOME}/.mail |
20 | noblacklist ${HOME}/.mailcap | ||
21 | noblacklist ${HOME}/.msmtprc | 20 | noblacklist ${HOME}/.msmtprc |
22 | noblacklist ${HOME}/.mutt | 21 | noblacklist ${HOME}/.mutt |
23 | noblacklist ${HOME}/.muttrc | 22 | noblacklist ${HOME}/.muttrc |
diff --git a/etc/nethack-vultures.profile b/etc/nethack-vultures.profile index e1294153b..079f44ee7 100644 --- a/etc/nethack-vultures.profile +++ b/etc/nethack-vultures.profile | |||
@@ -7,7 +7,6 @@ include nethack.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.vultures | 9 | noblacklist ${HOME}/.vultures |
10 | noblacklist /var/log | ||
11 | 10 | ||
12 | include disable-common.inc | 11 | include disable-common.inc |
13 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/pluma.profile b/etc/pluma.profile index 1e0512fd8..4c32c2979 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile | |||
@@ -11,7 +11,6 @@ noblacklist ${HOME}/.config/pluma | |||
11 | noblacklist ${HOME}/.python-history | 11 | noblacklist ${HOME}/.python-history |
12 | noblacklist ${HOME}/.python_history | 12 | noblacklist ${HOME}/.python_history |
13 | noblacklist ${HOME}/.pythonhist | 13 | noblacklist ${HOME}/.pythonhist |
14 | noblacklist ${HOME}/.pythonrc.py | ||
15 | 14 | ||
16 | include disable-common.inc | 15 | include disable-common.inc |
17 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index 116698312..970290002 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile | |||
@@ -8,8 +8,6 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ppsspp | 9 | noblacklist ${HOME}/.config/ppsspp |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | # with >=llvm-4 mesa drivers need llvm stuff | ||
12 | noblacklist /usr/lib/llvm* | ||
13 | 11 | ||
14 | include disable-common.inc | 12 | include disable-common.inc |
15 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile index 17218adee..e1d55c89e 100644 --- a/etc/pycharm-community.profile +++ b/etc/pycharm-community.profile | |||
@@ -9,7 +9,6 @@ noblacklist ${HOME}/.PyCharmCE* | |||
9 | noblacklist ${HOME}/.python-history | 9 | noblacklist ${HOME}/.python-history |
10 | noblacklist ${HOME}/.python_history | 10 | noblacklist ${HOME}/.python_history |
11 | noblacklist ${HOME}/.pythonhist | 11 | noblacklist ${HOME}/.pythonhist |
12 | noblacklist ${HOME}/.pythonrc.py | ||
13 | 12 | ||
14 | # Allow java (blacklisted by disable-devel.inc) | 13 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 14 | include allow-java.inc |
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index e556ecf1f..a7ba18292 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
@@ -9,8 +9,6 @@ include globals.local | |||
9 | noblacklist ${HOME}/.cache/qutebrowser | 9 | noblacklist ${HOME}/.cache/qutebrowser |
10 | noblacklist ${HOME}/.config/qutebrowser | 10 | noblacklist ${HOME}/.config/qutebrowser |
11 | noblacklist ${HOME}/.local/share/qutebrowser | 11 | noblacklist ${HOME}/.local/share/qutebrowser |
12 | # with >=llvm-4 mesa drivers need llvm stuff | ||
13 | noblacklist /usr/lib/llvm* | ||
14 | 12 | ||
15 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
16 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/scallion.profile b/etc/scallion.profile index 232ec4346..dee9e1f40 100644 --- a/etc/scallion.profile +++ b/etc/scallion.profile | |||
@@ -7,7 +7,6 @@ include scallion.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PATH}/llvm* | 9 | noblacklist ${PATH}/llvm* |
10 | noblacklist /usr/lib/llvm* | ||
11 | noblacklist ${PATH}/openssl | 10 | noblacklist ${PATH}/openssl |
12 | noblacklist ${PATH}/openssl-1.0 | 11 | noblacklist ${PATH}/openssl-1.0 |
13 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
diff --git a/etc/seahorse-tool.profile b/etc/seahorse-tool.profile index 96f365a4b..4bf23c512 100644 --- a/etc/seahorse-tool.profile +++ b/etc/seahorse-tool.profile | |||
@@ -7,8 +7,6 @@ include seahorse-tool.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${DOWNLOADS} | ||
11 | |||
12 | private-tmp | 10 | private-tmp |
13 | 11 | ||
14 | memory-deny-write-execute | 12 | memory-deny-write-execute |
diff --git a/etc/seahorse.profile b/etc/seahorse.profile index 0c824e95b..b9a0fd149 100644 --- a/etc/seahorse.profile +++ b/etc/seahorse.profile | |||
@@ -8,7 +8,6 @@ include globals.local | |||
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/dconf | ||
12 | noblacklist ${HOME}/.gnupg | 11 | noblacklist ${HOME}/.gnupg |
13 | noblacklist ${HOME}/.ssh | 12 | noblacklist ${HOME}/.ssh |
14 | noblacklist /tmp/ssh-* | 13 | noblacklist /tmp/ssh-* |
diff --git a/etc/steam.profile b/etc/steam.profile index 569f281a0..654ea825e 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
@@ -19,8 +19,6 @@ noblacklist ${HOME}/.local/share/vulkan | |||
19 | noblacklist ${HOME}/.steam | 19 | noblacklist ${HOME}/.steam |
20 | noblacklist ${HOME}/.steampath | 20 | noblacklist ${HOME}/.steampath |
21 | noblacklist ${HOME}/.steampid | 21 | noblacklist ${HOME}/.steampid |
22 | # with >=llvm-4 mesa drivers need llvm stuff | ||
23 | noblacklist /usr/lib/llvm* | ||
24 | # needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work | 22 | # needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work |
25 | noblacklist /sbin | 23 | noblacklist /sbin |
26 | noblacklist /usr/sbin | 24 | noblacklist /usr/sbin |
diff --git a/etc/vim.profile b/etc/vim.profile index 49abb0d44..957dc91aa 100644 --- a/etc/vim.profile +++ b/etc/vim.profile | |||
@@ -9,7 +9,6 @@ include globals.local | |||
9 | noblacklist ${HOME}/.python-history | 9 | noblacklist ${HOME}/.python-history |
10 | noblacklist ${HOME}/.python_history | 10 | noblacklist ${HOME}/.python_history |
11 | noblacklist ${HOME}/.pythonhist | 11 | noblacklist ${HOME}/.pythonhist |
12 | noblacklist ${HOME}/.pythonrc.py | ||
13 | noblacklist ${HOME}/.vim | 12 | noblacklist ${HOME}/.vim |
14 | noblacklist ${HOME}/.viminfo | 13 | noblacklist ${HOME}/.viminfo |
15 | noblacklist ${HOME}/.vimrc | 14 | noblacklist ${HOME}/.vimrc |
diff --git a/etc/wine.profile b/etc/wine.profile index 34c695cf1..192c375cd 100644 --- a/etc/wine.profile +++ b/etc/wine.profile | |||
@@ -11,8 +11,6 @@ noblacklist ${HOME}/.local/share/Steam | |||
11 | noblacklist ${HOME}/.local/share/steam | 11 | noblacklist ${HOME}/.local/share/steam |
12 | noblacklist ${HOME}/.steam | 12 | noblacklist ${HOME}/.steam |
13 | noblacklist ${HOME}/.wine | 13 | noblacklist ${HOME}/.wine |
14 | # with >=llvm-4 mesa drivers need llvm stuff | ||
15 | noblacklist /usr/lib/llvm* | ||
16 | 14 | ||
17 | include disable-common.inc | 15 | include disable-common.inc |
18 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/xed.profile b/etc/xed.profile index a02f1ef51..a67230e51 100644 --- a/etc/xed.profile +++ b/etc/xed.profile | |||
@@ -9,7 +9,6 @@ noblacklist ${HOME}/.config/xed | |||
9 | noblacklist ${HOME}/.python-history | 9 | noblacklist ${HOME}/.python-history |
10 | noblacklist ${HOME}/.python_history | 10 | noblacklist ${HOME}/.python_history |
11 | noblacklist ${HOME}/.pythonhist | 11 | noblacklist ${HOME}/.pythonhist |
12 | noblacklist ${HOME}/.pythonrc.py | ||
13 | 12 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile index 3fbdf66ab..c6ba9bd9d 100644 --- a/etc/xmr-stak.profile +++ b/etc/xmr-stak.profile | |||
@@ -6,7 +6,6 @@ include xmr-stak.local | |||
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.xmr-stak | 8 | noblacklist ${HOME}/.xmr-stak |
9 | noblacklist /usr/lib/llvm* | ||
10 | 9 | ||
11 | include disable-common.inc | 10 | include disable-common.inc |
12 | include disable-devel.inc | 11 | include disable-devel.inc |