further harden KDE

and whitelist some kio settings, because we don't know if slave processes will run inside or outside the sandbox.
also prevents weird bugs that depend on sequence in which applications were started.

1 files changed, 4 insertions, 0 deletions

diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index cd79f43ab..ec700e24e 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -80,11 +80,15 @@ blacklist ${HOME}/.local/share/plasma
 blacklist ${HOME}/.local/share/solid
 read-only ${HOME}/.cache/ksycoca5_*
 read-only ${HOME}/.config/kdeglobals
+read-only ${HOME}/.config/kio_httprc
+read-only ${HOME}/.config/kiorc
 read-only ${HOME}/.config/kioslaverc
 read-only ${HOME}/.kde/share/config/kdeglobals
+read-only ${HOME}/.kde/share/config/kio_httprc
 read-only ${HOME}/.kde/share/config/kioslaverc
 read-only ${HOME}/.kde/share/kde4/services
 read-only ${HOME}/.kde4/share/config/kdeglobals
+read-only ${HOME}/.kde4/share/config/kio_httprc
 read-only ${HOME}/.kde4/share/config/kioslaverc
 read-only ${HOME}/.kde4/share/kde4/services
 read-only ${HOME}/.local/share/kservices5