Merge pull request #5635 from kmk3/dc-add-ro-editor-browser

disable-common.inc: add more ro editor/browser paths
author: netblue30 <netblue30@protonmail.com> 2023-01-31 18:02:37 -0500
committer: GitHub <noreply@github.com> 2023-01-31 18:02:37 -0500
commit: 4b2a38bc2aedd787089e34063c74ab5e7456b529 (patch)
tree: 0c6e14a0ff4f77922b1c58c7e120797a9475ddb5
parent: Merge pull request #5631 from glitsj16/inkscape (diff)
parent: disable-common.inc: make ~/.config/nano read-only (diff)
download: firejail-4b2a38bc2aedd787089e34063c74ab5e7456b529.tar.gz
firejail-4b2a38bc2aedd787089e34063c74ab5e7456b529.tar.zst
firejail-4b2a38bc2aedd787089e34063c74ab5e7456b529.zip
6 files changed, 9 insertions, 6 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 66a309d85..03daaa9a6 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -327,9 +327,11 @@ read-only ${HOME}/.ssh/config.d
 # Initialization files that allow arbitrary command execution
 read-only ${HOME}/.caffrc
 read-only ${HOME}/.cargo/env
+read-only ${HOME}/.config/nano
 read-only ${HOME}/.config/nvim
 read-only ${HOME}/.config/pkcs11
 read-only ${HOME}/.dotfiles
+read-only ${HOME}/.elinks
 read-only ${HOME}/.emacs
 read-only ${HOME}/.emacs.d
 read-only ${HOME}/.exrc
@@ -345,6 +347,7 @@ read-only ${HOME}/.msmtprc
 read-only ${HOME}/.mutt/muttrc
 read-only ${HOME}/.muttrc
 read-only ${HOME}/.nano
+read-only ${HOME}/.nanorc
 read-only ${HOME}/.npmrc
 read-only ${HOME}/.pythonrc.py
 read-only ${HOME}/.reportbugrc
@@ -352,6 +355,7 @@ read-only ${HOME}/.tmux.conf
 read-only ${HOME}/.vim
 read-only ${HOME}/.viminfo
 read-only ${HOME}/.vimrc
+read-only ${HOME}/.w3m
 read-only ${HOME}/.xmonad
 read-only ${HOME}/.xscreensaver
 read-only ${HOME}/.yarnrc
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile
index a3596bb5e..aab3b3902 100644
--- a/etc/profile-a-l/elinks.profile
+++ b/etc/profile-a-l/elinks.profile
@@ -17,5 +17,7 @@ whitelist ${HOME}/.elinks
 private-bin elinks
+read-write ${HOME}/.elinks
 # Redirect
 include links-common.profile
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index bce56743a..904b0cd7c 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -133,8 +133,5 @@ dbus-user none
 dbus-system none
 memory-deny-write-execute
-read-only ${HOME}/.elinks
-read-only ${HOME}/.nanorc
 read-only ${HOME}/.signature
-read-only ${HOME}/.w3m
 restrict-namespaces
diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile
index a20eb3828..74403c335 100644
--- a/etc/profile-m-z/nano.profile
+++ b/etc/profile-m-z/nano.profile
@@ -56,4 +56,6 @@ dbus-user none
 dbus-system none
 memory-deny-write-execute
+read-write ${HOME}/.config/nano
+read-write ${HOME}/.nanorc
 restrict-namespaces
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile
index c255a85c9..f343226ae 100644
--- a/etc/profile-m-z/neomutt.profile
+++ b/etc/profile-m-z/neomutt.profile
@@ -125,8 +125,5 @@ dbus-user none
 dbus-system none
 memory-deny-write-execute
-read-only ${HOME}/.elinks
-read-only ${HOME}/.nanorc
 read-only ${HOME}/.signature
-read-only ${HOME}/.w3m
 restrict-namespaces
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile
index fab5315aa..1e111f83e 100644
--- a/etc/profile-m-z/w3m.profile
+++ b/etc/profile-m-z/w3m.profile
@@ -68,4 +68,5 @@ dbus-user none
 dbus-system none
 memory-deny-write-execute
+read-write ${HOME}/.w3m
 restrict-namespaces
author	netblue30 <netblue30@protonmail.com>	2023-01-31 18:02:37 -0500
committer	GitHub <noreply@github.com>	2023-01-31 18:02:37 -0500
commit	4b2a38bc2aedd787089e34063c74ab5e7456b529 (patch)
tree	0c6e14a0ff4f77922b1c58c7e120797a9475ddb5
parent	Merge pull request #5631 from glitsj16/inkscape (diff)
parent	disable-common.inc: make ~/.config/nano read-only (diff)
download	firejail-4b2a38bc2aedd787089e34063c74ab5e7456b529.tar.gz firejail-4b2a38bc2aedd787089e34063c74ab5e7456b529.tar.zst firejail-4b2a38bc2aedd787089e34063c74ab5e7456b529.zip