diff options
| author |  SYN-cook <syncookongit@gmail.com> | 2017-03-31 16:24:38 +0200 |
|---|---|---|
| committer |  Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-03-31 14:24:38 +0000 |
| commit | ba85fa81088a0b468f3fb98d96b535f8d07989c8 (patch) | |
| tree | bef5910fdcbc1b393079b61cc11782f50f3a3017 /etc/disable-common.inc | |
| parent | restrict more KDE files (#1181) (diff) | |
| download | firejail-ba85fa81088a0b468f3fb98d96b535f8d07989c8.tar.gz firejail-ba85fa81088a0b468f3fb98d96b535f8d07989c8.tar.zst firejail-ba85fa81088a0b468f3fb98d96b535f8d07989c8.zip | |
tidy up (#1182)
* minor reorganization
* tidy up
* tidy up
* tidy up
* tidy up
* tidy up
* tidy up
Diffstat (limited to 'etc/disable-common.inc')
| -rw-r--r-- | etc/disable-common.inc | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 0ada3314f..451203865 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -6,11 +6,8 @@ include /etc/firejail/disable-common.local | |||
| 6 | blacklist-nolog ${HOME}/.history | 6 | blacklist-nolog ${HOME}/.history |
| 7 | blacklist-nolog ${HOME}/.*_history | 7 | blacklist-nolog ${HOME}/.*_history |
| 8 | blacklist-nolog ${HOME}/.bash_history | 8 | blacklist-nolog ${HOME}/.bash_history |
| 9 | blacklist ${HOME}/.local/share/systemd | ||
| 10 | blacklist ${HOME}/.config/systemd | ||
| 11 | blacklist-nolog ${HOME}/.adobe | 9 | blacklist-nolog ${HOME}/.adobe |
| 12 | blacklist-nolog ${HOME}/.macromedia | 10 | blacklist-nolog ${HOME}/.macromedia |
| 13 | read-only ${HOME}/.local/share/applications | ||
| 14 | 11 | ||
| 15 | # X11 session autostart | 12 | # X11 session autostart |
| 16 | blacklist ${HOME}/.xinitrc | 13 | blacklist ${HOME}/.xinitrc |
| @@ -74,6 +71,10 @@ blacklist ${HOME}/.local/share/kservices5 | |||
| 74 | blacklist ${HOME}/.local/share/plasma | 71 | blacklist ${HOME}/.local/share/plasma |
| 75 | blacklist ${HOME}/.local/share/solid | 72 | blacklist ${HOME}/.local/share/solid |
| 76 | 73 | ||
| 74 | # systemd | ||
| 75 | blacklist ${HOME}/.local/share/systemd | ||
| 76 | blacklist ${HOME}/.config/systemd | ||
| 77 | |||
| 77 | # VirtualBox | 78 | # VirtualBox |
| 78 | blacklist ${HOME}/.VirtualBox | 79 | blacklist ${HOME}/.VirtualBox |
| 79 | blacklist ${HOME}/VirtualBox VMs | 80 | blacklist ${HOME}/VirtualBox VMs |
| @@ -177,9 +178,11 @@ read-only ${HOME}/.luarocks | |||
| 177 | read-only ${HOME}/.npm-packages | 178 | read-only ${HOME}/.npm-packages |
| 178 | 179 | ||
| 179 | # Make the contents of ~/.local read-only, | 180 | # Make the contents of ~/.local read-only, |
| 180 | # except the commonly-used ~/.local/share | 181 | # except the commonly-used ~/.local/share, |
| 182 | # but including ~/.local/share/applications | ||
| 181 | read-only ${HOME}/.local | 183 | read-only ${HOME}/.local |
| 182 | read-write ${HOME}/.local/share | 184 | read-write ${HOME}/.local/share |
| 185 | read-only ${HOME}/.local/share/applications | ||
| 183 | 186 | ||
| 184 | # top secret | 187 | # top secret |
| 185 | blacklist ${HOME}/.ecryptfs | 188 | blacklist ${HOME}/.ecryptfs |