diff options
author | smitsohu <smitsohu@gmail.com> | 2017-10-31 02:24:39 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2017-10-31 02:24:39 +0100 |
commit | 871dfe351fd8cf19c8c7f330187c994b911ec995 (patch) | |
tree | fc7839dff34b0b14e92a0cd87d45f56f744d45cd /etc/disable-common.inc | |
parent | fix --ignore=quiet (diff) | |
download | firejail-871dfe351fd8cf19c8c7f330187c994b911ec995.tar.gz firejail-871dfe351fd8cf19c8c7f330187c994b911ec995.tar.zst firejail-871dfe351fd8cf19c8c7f330187c994b911ec995.zip |
harden kde
and whitelist kioslaverc because we don't know if kdeinit
will run outside or inside the sandbox.
Diffstat (limited to 'etc/disable-common.inc')
-rw-r--r-- | etc/disable-common.inc | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 09ab39968..6c8a68d9e 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -47,6 +47,8 @@ blacklist /etc/xdg/autostart | |||
47 | blacklist ${HOME}/.config/*.notifyrc | 47 | blacklist ${HOME}/.config/*.notifyrc |
48 | blacklist ${HOME}/.config/khotkeysrc | 48 | blacklist ${HOME}/.config/khotkeysrc |
49 | blacklist ${HOME}/.config/krunnerrc | 49 | blacklist ${HOME}/.config/krunnerrc |
50 | blacklist ${HOME}/.config/kwinrc | ||
51 | blacklist ${HOME}/.config/kwinrulesrc | ||
50 | blacklist ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc | 52 | blacklist ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc |
51 | blacklist ${HOME}/.kde/share/apps/konsole | 53 | blacklist ${HOME}/.kde/share/apps/konsole |
52 | blacklist ${HOME}/.kde/share/apps/kwin | 54 | blacklist ${HOME}/.kde/share/apps/kwin |
@@ -55,25 +57,32 @@ blacklist ${HOME}/.kde/share/apps/solid | |||
55 | blacklist ${HOME}/.kde/share/config/*.notifyrc | 57 | blacklist ${HOME}/.kde/share/config/*.notifyrc |
56 | blacklist ${HOME}/.kde/share/config/khotkeysrc | 58 | blacklist ${HOME}/.kde/share/config/khotkeysrc |
57 | blacklist ${HOME}/.kde/share/config/krunnerrc | 59 | blacklist ${HOME}/.kde/share/config/krunnerrc |
60 | blacklist ${HOME}/.kde/share/config/kwinrc | ||
61 | blacklist ${HOME}/.kde/share/config/kwinrulesrc | ||
58 | blacklist ${HOME}/.kde/share/config/plasma-desktop-appletsrc | 62 | blacklist ${HOME}/.kde/share/config/plasma-desktop-appletsrc |
59 | blacklist ${HOME}/.kde4/share/apps/plasma | ||
60 | blacklist ${HOME}/.kde4/share/apps/konsole | 63 | blacklist ${HOME}/.kde4/share/apps/konsole |
61 | blacklist ${HOME}/.kde4/share/apps/kwin | 64 | blacklist ${HOME}/.kde4/share/apps/kwin |
62 | blacklist ${HOME}/.kde4/share/config/krunnerrc | 65 | blacklist ${HOME}/.kde4/share/apps/plasma |
63 | blacklist ${HOME}/.kde4/share/config/plasma-desktop-appletsrc | ||
64 | blacklist ${HOME}/.kde4/share/config/khotkeysrc | ||
65 | blacklist ${HOME}/.kde4/share/apps/solid | 66 | blacklist ${HOME}/.kde4/share/apps/solid |
66 | blacklist ${HOME}/.kde4/share/config/*.notifyrc | 67 | blacklist ${HOME}/.kde4/share/config/*.notifyrc |
68 | blacklist ${HOME}/.kde4/share/config/khotkeysrc | ||
69 | blacklist ${HOME}/.kde4/share/config/krunnerrc | ||
70 | blacklist ${HOME}/.kde4/share/config/kwinrc | ||
71 | blacklist ${HOME}/.kde4/share/config/kwinrulesrc | ||
72 | blacklist ${HOME}/.kde4/share/config/plasma-desktop-appletsrc | ||
67 | blacklist ${HOME}/.local/share/kglobalaccel | 73 | blacklist ${HOME}/.local/share/kglobalaccel |
68 | blacklist ${HOME}/.local/share/konsole | 74 | blacklist ${HOME}/.local/share/konsole |
69 | blacklist ${HOME}/.local/share/kwin | 75 | blacklist ${HOME}/.local/share/kwin |
70 | blacklist ${HOME}/.local/share/plasma | 76 | blacklist ${HOME}/.local/share/plasma |
71 | blacklist ${HOME}/.local/share/solid | 77 | blacklist ${HOME}/.local/share/solid |
72 | read-only ${HOME}/.config/kdeglobals | 78 | read-only ${HOME}/.config/kdeglobals |
79 | read-only ${HOME}/.config/kioslaverc | ||
73 | read-only ${HOME}/.kde/share/config/kdeglobals | 80 | read-only ${HOME}/.kde/share/config/kdeglobals |
81 | read-only ${HOME}/.kde/share/config/kioslaverc | ||
74 | read-only ${HOME}/.kde/share/kde4/services | 82 | read-only ${HOME}/.kde/share/kde4/services |
75 | read-only ${HOME}/.kde4/share/kde4/services | ||
76 | read-only ${HOME}/.kde4/share/config/kdeglobals | 83 | read-only ${HOME}/.kde4/share/config/kdeglobals |
84 | read-only ${HOME}/.kde4/share/config/kioslaverc | ||
85 | read-only ${HOME}/.kde4/share/kde4/services | ||
77 | read-only ${HOME}/.local/share/kservices5 | 86 | read-only ${HOME}/.local/share/kservices5 |
78 | 87 | ||
79 | # kdeinit socket | 88 | # kdeinit socket |