diff options
author | netblue30 <netblue30@protonmail.com> | 2021-07-28 19:01:17 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-28 19:01:17 +0000 |
commit | 2b5eb07e078c560a3ae184f4f997b7d7353a1a32 (patch) | |
tree | 0be4523f0ab86740a0c2e1dbe52b742fc9805b24 /etc/profile-a-l | |
parent | moved rules from firefox-common.profile to firefox.profile (diff) | |
parent | Merge pull request #4412 from netblue30/Neo00001-patch-1 (diff) | |
download | firejail-2b5eb07e078c560a3ae184f4f997b7d7353a1a32.tar.gz firejail-2b5eb07e078c560a3ae184f4f997b7d7353a1a32.tar.zst firejail-2b5eb07e078c560a3ae184f4f997b7d7353a1a32.zip |
Merge branch 'master' into master
Diffstat (limited to 'etc/profile-a-l')
372 files changed, 1654 insertions, 1593 deletions
diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile index 6f493fff1..4009853d3 100644 --- a/etc/profile-a-l/0ad.profile +++ b/etc/profile-a-l/0ad.profile | |||
@@ -6,11 +6,11 @@ include 0ad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/0ad | 9 | noblacklist ${HOME}/.cache/0ad |
10 | nodeny ${HOME}/.config/0ad | 10 | noblacklist ${HOME}/.config/0ad |
11 | nodeny ${HOME}/.local/share/0ad | 11 | noblacklist ${HOME}/.local/share/0ad |
12 | 12 | ||
13 | deny /usr/libexec | 13 | blacklist /usr/libexec |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -23,11 +23,11 @@ include disable-xdg.inc | |||
23 | mkdir ${HOME}/.cache/0ad | 23 | mkdir ${HOME}/.cache/0ad |
24 | mkdir ${HOME}/.config/0ad | 24 | mkdir ${HOME}/.config/0ad |
25 | mkdir ${HOME}/.local/share/0ad | 25 | mkdir ${HOME}/.local/share/0ad |
26 | allow ${HOME}/.cache/0ad | 26 | whitelist ${HOME}/.cache/0ad |
27 | allow ${HOME}/.config/0ad | 27 | whitelist ${HOME}/.config/0ad |
28 | allow ${HOME}/.local/share/0ad | 28 | whitelist ${HOME}/.local/share/0ad |
29 | allow /usr/share/0ad | 29 | whitelist /usr/share/0ad |
30 | allow /usr/share/games | 30 | whitelist /usr/share/games |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile index 3a7b331a7..1d787cba7 100644 --- a/etc/profile-a-l/2048-qt.profile +++ b/etc/profile-a-l/2048-qt.profile | |||
@@ -6,8 +6,8 @@ include 2048-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/2048-qt | 9 | noblacklist ${HOME}/.config/2048-qt |
10 | nodeny ${HOME}/.config/xiaoyong | 10 | noblacklist ${HOME}/.config/xiaoyong |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.config/2048-qt | 19 | mkdir ${HOME}/.config/2048-qt |
20 | mkdir ${HOME}/.config/xiaoyong | 20 | mkdir ${HOME}/.config/xiaoyong |
21 | allow ${HOME}/.config/2048-qt | 21 | whitelist ${HOME}/.config/2048-qt |
22 | allow ${HOME}/.config/xiaoyong | 22 | whitelist ${HOME}/.config/xiaoyong |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile index def0ec111..1d86b0fbf 100644 --- a/etc/profile-a-l/Cryptocat.profile +++ b/etc/profile-a-l/Cryptocat.profile | |||
@@ -5,7 +5,7 @@ include Cryptocat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/Cryptocat | 8 | noblacklist ${HOME}/.config/Cryptocat |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/Discord.profile b/etc/profile-a-l/Discord.profile index 1d3ae49ca..3f274b21c 100644 --- a/etc/profile-a-l/Discord.profile +++ b/etc/profile-a-l/Discord.profile | |||
@@ -5,10 +5,10 @@ include Discord.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/discord | 8 | noblacklist ${HOME}/.config/discord |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discord | 10 | mkdir ${HOME}/.config/discord |
11 | allow ${HOME}/.config/discord | 11 | whitelist ${HOME}/.config/discord |
12 | 12 | ||
13 | private-bin Discord | 13 | private-bin Discord |
14 | private-opt Discord | 14 | private-opt Discord |
diff --git a/etc/profile-a-l/DiscordCanary.profile b/etc/profile-a-l/DiscordCanary.profile index 3c85f187b..d24e73ed8 100644 --- a/etc/profile-a-l/DiscordCanary.profile +++ b/etc/profile-a-l/DiscordCanary.profile | |||
@@ -5,10 +5,10 @@ include DiscordCanary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/discordcanary | 8 | noblacklist ${HOME}/.config/discordcanary |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
11 | allow ${HOME}/.config/discordcanary | 11 | whitelist ${HOME}/.config/discordcanary |
12 | 12 | ||
13 | private-bin DiscordCanary | 13 | private-bin DiscordCanary |
14 | private-opt DiscordCanary | 14 | private-opt DiscordCanary |
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile index 8f746581f..7dc6b5ff0 100644 --- a/etc/profile-a-l/Fritzing.profile +++ b/etc/profile-a-l/Fritzing.profile | |||
@@ -6,8 +6,8 @@ include Fritzing.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Fritzing | 9 | noblacklist ${HOME}/.config/Fritzing |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile index 9a00c3230..d10b70796 100644 --- a/etc/profile-a-l/JDownloader.profile +++ b/etc/profile-a-l/JDownloader.profile | |||
@@ -5,7 +5,7 @@ include JDownloader.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.jd | 8 | noblacklist ${HOME}/.jd |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
@@ -19,8 +19,8 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.jd | 21 | mkdir ${HOME}/.jd |
22 | allow ${HOME}/.jd | 22 | whitelist ${HOME}/.jd |
23 | allow ${DOWNLOADS} | 23 | whitelist ${DOWNLOADS} |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index 2a92c7db4..75da9a956 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile | |||
@@ -6,7 +6,7 @@ include abiword.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/abiword | 9 | noblacklist ${HOME}/.config/abiword |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | allow /usr/share/abiword-3.0 | 19 | whitelist /usr/share/abiword-3.0 |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile index 70ddcec20..2e6e8f1af 100644 --- a/etc/profile-a-l/abrowser.profile +++ b/etc/profile-a-l/abrowser.profile | |||
@@ -5,13 +5,13 @@ include abrowser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | nodeny ${HOME}/.mozilla | 9 | noblacklist ${HOME}/.mozilla |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/mozilla/abrowser | 11 | mkdir ${HOME}/.cache/mozilla/abrowser |
12 | mkdir ${HOME}/.mozilla | 12 | mkdir ${HOME}/.mozilla |
13 | allow ${HOME}/.cache/mozilla/abrowser | 13 | whitelist ${HOME}/.cache/mozilla/abrowser |
14 | allow ${HOME}/.mozilla | 14 | whitelist ${HOME}/.mozilla |
15 | 15 | ||
16 | # private-etc must first be enabled in firefox-common.profile | 16 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc abrowser | 17 | #private-etc abrowser |
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index d32586c5b..34f59769e 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile | |||
@@ -7,8 +7,8 @@ include agetpkg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | #include allow-python2.inc | 14 | #include allow-python2.inc |
@@ -23,7 +23,7 @@ include disable-programs.inc | |||
23 | include disable-shell.inc | 23 | include disable-shell.inc |
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | allow ${DOWNLOADS} | 26 | whitelist ${DOWNLOADS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile index 7b1d1445f..37fdb38b5 100644 --- a/etc/profile-a-l/akonadi_control.profile +++ b/etc/profile-a-l/akonadi_control.profile | |||
@@ -4,22 +4,22 @@ include akonadi_control.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | nodeny ${HOME}/.cache/akonadi* | 7 | noblacklist ${HOME}/.cache/akonadi* |
8 | nodeny ${HOME}/.config/akonadi* | 8 | noblacklist ${HOME}/.config/akonadi* |
9 | nodeny ${HOME}/.config/baloorc | 9 | noblacklist ${HOME}/.config/baloorc |
10 | nodeny ${HOME}/.config/emaildefaults | 10 | noblacklist ${HOME}/.config/emaildefaults |
11 | nodeny ${HOME}/.config/emailidentities | 11 | noblacklist ${HOME}/.config/emailidentities |
12 | nodeny ${HOME}/.config/kmail2rc | 12 | noblacklist ${HOME}/.config/kmail2rc |
13 | nodeny ${HOME}/.config/mailtransports | 13 | noblacklist ${HOME}/.config/mailtransports |
14 | nodeny ${HOME}/.config/specialmailcollectionsrc | 14 | noblacklist ${HOME}/.config/specialmailcollectionsrc |
15 | nodeny ${HOME}/.local/share/akonadi* | 15 | noblacklist ${HOME}/.local/share/akonadi* |
16 | nodeny ${HOME}/.local/share/apps/korganizer | 16 | noblacklist ${HOME}/.local/share/apps/korganizer |
17 | nodeny ${HOME}/.local/share/contacts | 17 | noblacklist ${HOME}/.local/share/contacts |
18 | nodeny ${HOME}/.local/share/local-mail | 18 | noblacklist ${HOME}/.local/share/local-mail |
19 | nodeny ${HOME}/.local/share/notes | 19 | noblacklist ${HOME}/.local/share/notes |
20 | nodeny /sbin | 20 | noblacklist /sbin |
21 | nodeny /tmp/akonadi-* | 21 | noblacklist /tmp/akonadi-* |
22 | nodeny /usr/sbin | 22 | noblacklist /usr/sbin |
23 | 23 | ||
24 | include disable-common.inc | 24 | include disable-common.inc |
25 | include disable-devel.inc | 25 | include disable-devel.inc |
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile index b2323547c..38fcd2dc1 100644 --- a/etc/profile-a-l/akregator.profile +++ b/etc/profile-a-l/akregator.profile | |||
@@ -6,9 +6,9 @@ include akregator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/akregatorrc | 9 | noblacklist ${HOME}/.config/akregatorrc |
10 | nodeny ${HOME}/.local/share/akregator | 10 | noblacklist ${HOME}/.local/share/akregator |
11 | nodeny ${HOME}/.local/share/kxmlgui5/akregator | 11 | noblacklist ${HOME}/.local/share/kxmlgui5/akregator |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,10 +21,10 @@ include disable-shell.inc | |||
21 | mkfile ${HOME}/.config/akregatorrc | 21 | mkfile ${HOME}/.config/akregatorrc |
22 | mkdir ${HOME}/.local/share/akregator | 22 | mkdir ${HOME}/.local/share/akregator |
23 | mkdir ${HOME}/.local/share/kxmlgui5/akregator | 23 | mkdir ${HOME}/.local/share/kxmlgui5/akregator |
24 | allow ${HOME}/.config/akregatorrc | 24 | whitelist ${HOME}/.config/akregatorrc |
25 | allow ${HOME}/.local/share/akregator | 25 | whitelist ${HOME}/.local/share/akregator |
26 | allow ${HOME}/.local/share/kssl | 26 | whitelist ${HOME}/.local/share/kssl |
27 | allow ${HOME}/.local/share/kxmlgui5/akregator | 27 | whitelist ${HOME}/.local/share/kxmlgui5/akregator |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index ca6c8d887..4c6d68020 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile | |||
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | # Whitelist your system icon directory,varies by distro | 21 | # Whitelist your system icon directory,varies by distro |
22 | allow /usr/share/alacarte | 22 | whitelist /usr/share/alacarte |
23 | allow /usr/share/app-info | 23 | whitelist /usr/share/app-info |
24 | allow /usr/share/desktop-directories | 24 | whitelist /usr/share/desktop-directories |
25 | allow /usr/share/icons | 25 | whitelist /usr/share/icons |
26 | allow /var/lib/app-info/icons | 26 | whitelist /var/lib/app-info/icons |
27 | allow /var/lib/flatpak/exports/share/applications | 27 | whitelist /var/lib/flatpak/exports/share/applications |
28 | allow /var/lib/flatpak/exports/share/icons | 28 | whitelist /var/lib/flatpak/exports/share/icons |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile index 220c3345d..81ee6bd46 100644 --- a/etc/profile-a-l/alienarena.profile +++ b/etc/profile-a-l/alienarena.profile | |||
@@ -6,7 +6,7 @@ include alienarena.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/cor-games | 9 | noblacklist ${HOME}/.local/share/cor-games |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/cor-games | 20 | mkdir ${HOME}/.local/share/cor-games |
21 | allow ${HOME}/.local/share/cor-games | 21 | whitelist ${HOME}/.local/share/cor-games |
22 | allow /usr/share/alienarena | 22 | whitelist /usr/share/alienarena |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile index 6fa3edfa1..0b5cf0df0 100644 --- a/etc/profile-a-l/alpine.profile +++ b/etc/profile-a-l/alpine.profile | |||
@@ -10,28 +10,28 @@ include globals.local | |||
10 | # Workaround for bug https://github.com/netblue30/firejail/issues/2747 | 10 | # Workaround for bug https://github.com/netblue30/firejail/issues/2747 |
11 | # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)' | 11 | # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)' |
12 | 12 | ||
13 | nodeny /var/mail | 13 | noblacklist /var/mail |
14 | nodeny /var/spool/mail | 14 | noblacklist /var/spool/mail |
15 | nodeny ${DOCUMENTS} | 15 | noblacklist ${DOCUMENTS} |
16 | nodeny ${HOME}/.addressbook | 16 | noblacklist ${HOME}/.addressbook |
17 | nodeny ${HOME}/.alpine-smime | 17 | noblacklist ${HOME}/.alpine-smime |
18 | nodeny ${HOME}/.mailcap | 18 | noblacklist ${HOME}/.mailcap |
19 | nodeny ${HOME}/.mh_profile | 19 | noblacklist ${HOME}/.mh_profile |
20 | nodeny ${HOME}/.mime.types | 20 | noblacklist ${HOME}/.mime.types |
21 | nodeny ${HOME}/.newsrc | 21 | noblacklist ${HOME}/.newsrc |
22 | nodeny ${HOME}/.pine-crash | 22 | noblacklist ${HOME}/.pine-crash |
23 | nodeny ${HOME}/.pine-debug1 | 23 | noblacklist ${HOME}/.pine-debug1 |
24 | nodeny ${HOME}/.pine-debug2 | 24 | noblacklist ${HOME}/.pine-debug2 |
25 | nodeny ${HOME}/.pine-debug3 | 25 | noblacklist ${HOME}/.pine-debug3 |
26 | nodeny ${HOME}/.pine-debug4 | 26 | noblacklist ${HOME}/.pine-debug4 |
27 | nodeny ${HOME}/.pine-interrupted-mail | 27 | noblacklist ${HOME}/.pine-interrupted-mail |
28 | nodeny ${HOME}/.pinerc | 28 | noblacklist ${HOME}/.pinerc |
29 | nodeny ${HOME}/.pinercex | 29 | noblacklist ${HOME}/.pinercex |
30 | nodeny ${HOME}/.signature | 30 | noblacklist ${HOME}/.signature |
31 | nodeny ${HOME}/mail | 31 | noblacklist ${HOME}/mail |
32 | 32 | ||
33 | deny /tmp/.X11-unix | 33 | blacklist /tmp/.X11-unix |
34 | deny ${RUNUSER}/wayland-* | 34 | blacklist ${RUNUSER}/wayland-* |
35 | 35 | ||
36 | include disable-common.inc | 36 | include disable-common.inc |
37 | include disable-devel.inc | 37 | include disable-devel.inc |
@@ -60,8 +60,8 @@ include disable-xdg.inc | |||
60 | #whitelist ${HOME}/.pine-debug4 | 60 | #whitelist ${HOME}/.pine-debug4 |
61 | #whitelist ${HOME}/.signature | 61 | #whitelist ${HOME}/.signature |
62 | #whitelist ${HOME}/mail | 62 | #whitelist ${HOME}/mail |
63 | allow /var/mail | 63 | whitelist /var/mail |
64 | allow /var/spool/mail | 64 | whitelist /var/spool/mail |
65 | #include whitelist-common.inc | 65 | #include whitelist-common.inc |
66 | include whitelist-runuser-common.inc | 66 | include whitelist-runuser-common.inc |
67 | include whitelist-usr-share-common.inc | 67 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile index 03aba36e4..a7caddc4c 100644 --- a/etc/profile-a-l/amarok.profile +++ b/etc/profile-a-l/amarok.profile | |||
@@ -6,7 +6,7 @@ include amarok.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile index 00039a7e9..e3c4164ee 100644 --- a/etc/profile-a-l/amule.profile +++ b/etc/profile-a-l/amule.profile | |||
@@ -6,7 +6,7 @@ include amule.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.aMule | 9 | noblacklist ${HOME}/.aMule |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.aMule | 18 | mkdir ${HOME}/.aMule |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | allow ${HOME}/.aMule | 20 | whitelist ${HOME}/.aMule |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile index 5bf6ed773..5a21744cf 100644 --- a/etc/profile-a-l/android-studio.profile +++ b/etc/profile-a-l/android-studio.profile | |||
@@ -5,13 +5,13 @@ include android-studio.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/Google | 8 | noblacklist ${HOME}/.config/Google |
9 | nodeny ${HOME}/.AndroidStudio* | 9 | noblacklist ${HOME}/.AndroidStudio* |
10 | nodeny ${HOME}/.android | 10 | noblacklist ${HOME}/.android |
11 | nodeny ${HOME}/.jack-server | 11 | noblacklist ${HOME}/.jack-server |
12 | nodeny ${HOME}/.jack-settings | 12 | noblacklist ${HOME}/.jack-settings |
13 | nodeny ${HOME}/.local/share/JetBrains | 13 | noblacklist ${HOME}/.local/share/JetBrains |
14 | nodeny ${HOME}/.tooling | 14 | noblacklist ${HOME}/.tooling |
15 | 15 | ||
16 | # Allows files commonly used by IDEs | 16 | # Allows files commonly used by IDEs |
17 | include allow-common-devel.inc | 17 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index c1aa18ff3..13bb01ce2 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile | |||
@@ -6,8 +6,8 @@ include anki.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny ${HOME}/.local/share/Anki2 | 10 | noblacklist ${HOME}/.local/share/Anki2 |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -23,8 +23,8 @@ include disable-shell.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.local/share/Anki2 | 25 | mkdir ${HOME}/.local/share/Anki2 |
26 | allow ${DOCUMENTS} | 26 | whitelist ${DOCUMENTS} |
27 | allow ${HOME}/.local/share/Anki2 | 27 | whitelist ${HOME}/.local/share/Anki2 |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile index cb30ed8da..fdaf10259 100644 --- a/etc/profile-a-l/anydesk.profile +++ b/etc/profile-a-l/anydesk.profile | |||
@@ -5,7 +5,7 @@ include anydesk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.anydesk | 8 | noblacklist ${HOME}/.anydesk |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.anydesk | 17 | mkdir ${HOME}/.anydesk |
18 | allow ${HOME}/.anydesk | 18 | whitelist ${HOME}/.anydesk |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile index d647a4657..e7b09283e 100644 --- a/etc/profile-a-l/aosp.profile +++ b/etc/profile-a-l/aosp.profile | |||
@@ -5,13 +5,13 @@ include aosp.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.android | 8 | noblacklist ${HOME}/.android |
9 | nodeny ${HOME}/.bash_history | 9 | noblacklist ${HOME}/.bash_history |
10 | nodeny ${HOME}/.jack-server | 10 | noblacklist ${HOME}/.jack-server |
11 | nodeny ${HOME}/.jack-settings | 11 | noblacklist ${HOME}/.jack-settings |
12 | nodeny ${HOME}/.repo_.gitconfig.json | 12 | noblacklist ${HOME}/.repo_.gitconfig.json |
13 | nodeny ${HOME}/.repoconfig | 13 | noblacklist ${HOME}/.repoconfig |
14 | nodeny ${HOME}/.tooling | 14 | noblacklist ${HOME}/.tooling |
15 | 15 | ||
16 | # Allows files commonly used by IDEs | 16 | # Allows files commonly used by IDEs |
17 | include allow-common-devel.inc | 17 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile index 020ae2812..01566314f 100644 --- a/etc/profile-a-l/apostrophe.profile +++ b/etc/profile-a-l/apostrophe.profile | |||
@@ -6,9 +6,9 @@ include apostrophe.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.texlive20* | 9 | noblacklist ${HOME}/.texlive20* |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -31,12 +31,12 @@ include disable-programs.inc | |||
31 | include disable-shell.inc | 31 | include disable-shell.inc |
32 | include disable-xdg.inc | 32 | include disable-xdg.inc |
33 | 33 | ||
34 | allow /usr/libexec/webkit2gtk-4.0 | 34 | whitelist /usr/libexec/webkit2gtk-4.0 |
35 | allow /usr/share/apostrophe | 35 | whitelist /usr/share/apostrophe |
36 | allow /usr/share/texlive | 36 | whitelist /usr/share/texlive |
37 | allow /usr/share/texmf | 37 | whitelist /usr/share/texmf |
38 | allow /usr/share/pandoc-* | 38 | whitelist /usr/share/pandoc-* |
39 | allow /usr/share/perl5 | 39 | whitelist /usr/share/perl5 |
40 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
41 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
42 | include whitelist-var-common.inc | 42 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile index 8c71dd574..accabb6f5 100644 --- a/etc/profile-a-l/arch-audit.profile +++ b/etc/profile-a-l/arch-audit.profile | |||
@@ -7,7 +7,7 @@ include arch-audit.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny /var/lib/pacman | 10 | noblacklist /var/lib/pacman |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | allow /usr/share/arch-audit | 21 | whitelist /usr/share/arch-audit |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | 23 | ||
24 | apparmor | 24 | apparmor |
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile index 0915ede33..19c37f90e 100644 --- a/etc/profile-a-l/archaudit-report.profile +++ b/etc/profile-a-l/archaudit-report.profile | |||
@@ -6,7 +6,7 @@ include archaudit-report.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny /var/lib/pacman | 9 | noblacklist /var/lib/pacman |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile index 5b859ceb1..1fab4606b 100644 --- a/etc/profile-a-l/archiver-common.profile +++ b/etc/profile-a-l/archiver-common.profile | |||
@@ -4,7 +4,7 @@ include archiver-common.local | |||
4 | 4 | ||
5 | # common profile for archiver/compression tools | 5 | # common profile for archiver/compression tools |
6 | 6 | ||
7 | deny ${RUNUSER} | 7 | blacklist ${RUNUSER} |
8 | 8 | ||
9 | # Comment/uncomment the relevant include file(s) in your archiver-common.local | 9 | # Comment/uncomment the relevant include file(s) in your archiver-common.local |
10 | # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver** | 10 | # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver** |
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile index 960948afc..84b1d6c18 100644 --- a/etc/profile-a-l/ardour5.profile +++ b/etc/profile-a-l/ardour5.profile | |||
@@ -5,12 +5,12 @@ include ardour5.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/ardour4 | 8 | noblacklist ${HOME}/.config/ardour4 |
9 | nodeny ${HOME}/.config/ardour5 | 9 | noblacklist ${HOME}/.config/ardour5 |
10 | nodeny ${HOME}/.lv2 | 10 | noblacklist ${HOME}/.lv2 |
11 | nodeny ${HOME}/.vst | 11 | noblacklist ${HOME}/.vst |
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | nodeny ${MUSIC} | 13 | noblacklist ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile index 88f14fbfe..fd1ca9a09 100644 --- a/etc/profile-a-l/arduino.profile +++ b/etc/profile-a-l/arduino.profile | |||
@@ -6,9 +6,9 @@ include arduino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.arduino15 | 9 | noblacklist ${HOME}/.arduino15 |
10 | nodeny ${HOME}/Arduino | 10 | noblacklist ${HOME}/Arduino |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow java (blacklisted by disable-devel.inc) | 13 | # Allow java (blacklisted by disable-devel.inc) |
14 | include allow-java.inc | 14 | include allow-java.inc |
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index be56011f0..22b8ecd65 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile | |||
@@ -6,12 +6,12 @@ include aria2c.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.aria2 | 9 | noblacklist ${HOME}/.aria2 |
10 | nodeny ${HOME}/.config/aria2 | 10 | noblacklist ${HOME}/.config/aria2 |
11 | nodeny ${HOME}/.netrc | 11 | noblacklist ${HOME}/.netrc |
12 | 12 | ||
13 | deny /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | deny ${RUNUSER}/wayland-* | 14 | blacklist ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile index 031c57080..a63dd8f5f 100644 --- a/etc/profile-a-l/ark.profile +++ b/etc/profile-a-l/ark.profile | |||
@@ -6,8 +6,8 @@ include ark.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/arkrc | 9 | noblacklist ${HOME}/.config/arkrc |
10 | nodeny ${HOME}/.local/share/kxmlgui5/ark | 10 | noblacklist ${HOME}/.local/share/kxmlgui5/ark |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-interpreters.inc | |||
16 | include disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | allow /usr/share/ark | 19 | whitelist /usr/share/ark |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index 9ed8076be..2c8b630ce 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile | |||
@@ -6,7 +6,7 @@ include arm.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.arm | 9 | noblacklist ${HOME}/.arm |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.arm | 22 | mkdir ${HOME}/.arm |
23 | allow ${HOME}/.arm | 23 | whitelist ${HOME}/.arm |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index 7cfac4915..fab72b7d3 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile | |||
@@ -6,12 +6,12 @@ include artha.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/artha.conf | 9 | noblacklist ${HOME}/.config/artha.conf |
10 | nodeny ${HOME}/.config/artha.log | 10 | noblacklist ${HOME}/.config/artha.log |
11 | nodeny ${HOME}/.config/enchant | 11 | noblacklist ${HOME}/.config/enchant |
12 | 12 | ||
13 | deny /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | deny ${RUNUSER}/wayland-* | 14 | blacklist ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -28,8 +28,8 @@ include disable-xdg.inc | |||
28 | #whitelist ${HOME}/.config/artha.conf | 28 | #whitelist ${HOME}/.config/artha.conf |
29 | #whitelist ${HOME}/.config/artha.log | 29 | #whitelist ${HOME}/.config/artha.log |
30 | #whitelist ${HOME}/.config/enchant | 30 | #whitelist ${HOME}/.config/enchant |
31 | allow /usr/share/artha | 31 | whitelist /usr/share/artha |
32 | allow /usr/share/wordnet | 32 | whitelist /usr/share/wordnet |
33 | #include whitelist-common.inc | 33 | #include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile index f2251c210..977fe30a4 100644 --- a/etc/profile-a-l/assogiate.profile +++ b/etc/profile-a-l/assogiate.profile | |||
@@ -6,7 +6,7 @@ include assogiate.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow ${PICTURES} | 20 | whitelist ${PICTURES} |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile index e65072266..c97fd691a 100644 --- a/etc/profile-a-l/asunder.profile +++ b/etc/profile-a-l/asunder.profile | |||
@@ -6,11 +6,11 @@ include asunder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/asunder | 9 | noblacklist ${HOME}/.config/asunder |
10 | nodeny ${HOME}/.asunder_album_genre | 10 | noblacklist ${HOME}/.asunder_album_genre |
11 | nodeny ${HOME}/.asunder_album_title | 11 | noblacklist ${HOME}/.asunder_album_title |
12 | nodeny ${HOME}/.asunder_album_artist | 12 | noblacklist ${HOME}/.asunder_album_artist |
13 | nodeny ${MUSIC} | 13 | noblacklist ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile index ea3038537..5f237ac59 100644 --- a/etc/profile-a-l/atom.profile +++ b/etc/profile-a-l/atom.profile | |||
@@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc | |||
18 | ignore apparmor | 18 | ignore apparmor |
19 | ignore disable-mnt | 19 | ignore disable-mnt |
20 | 20 | ||
21 | nodeny ${HOME}/.atom | 21 | noblacklist ${HOME}/.atom |
22 | nodeny ${HOME}/.config/Atom | 22 | noblacklist ${HOME}/.config/Atom |
23 | 23 | ||
24 | # Allows files commonly used by IDEs | 24 | # Allows files commonly used by IDEs |
25 | include allow-common-devel.inc | 25 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile index 8ae8617cf..1c3ed66ff 100644 --- a/etc/profile-a-l/atril.profile +++ b/etc/profile-a-l/atril.profile | |||
@@ -6,9 +6,9 @@ include atril.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/atril | 9 | noblacklist ${HOME}/.cache/atril |
10 | nodeny ${HOME}/.config/atril | 10 | noblacklist ${HOME}/.config/atril |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | #noblacklist ${HOME}/.local/share | 13 | #noblacklist ${HOME}/.local/share |
14 | # it seems to use only ${HOME}/.local/share/webkitgtk | 14 | # it seems to use only ${HOME}/.local/share/webkitgtk |
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile index 53baf0a2a..f9f209786 100644 --- a/etc/profile-a-l/audacious.profile +++ b/etc/profile-a-l/audacious.profile | |||
@@ -6,9 +6,9 @@ include audacious.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Audaciousrc | 9 | noblacklist ${HOME}/.config/Audaciousrc |
10 | nodeny ${HOME}/.config/audacious | 10 | noblacklist ${HOME}/.config/audacious |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile index c244846e1..a2de8436a 100644 --- a/etc/profile-a-l/audacity.profile +++ b/etc/profile-a-l/audacity.profile | |||
@@ -6,9 +6,9 @@ include audacity.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.audacity-data | 9 | noblacklist ${HOME}/.audacity-data |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile index 534792cc6..2c7fdc812 100644 --- a/etc/profile-a-l/audio-recorder.profile +++ b/etc/profile-a-l/audio-recorder.profile | |||
@@ -7,7 +7,7 @@ include audio-recorder.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,10 +17,10 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow ${MUSIC} | 20 | whitelist ${MUSIC} |
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | allow /usr/share/audio-recorder | 22 | whitelist /usr/share/audio-recorder |
23 | allow /usr/share/gstreamer-1.0 | 23 | whitelist /usr/share/gstreamer-1.0 |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 0d6eb6a21..2ebe35dd5 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile | |||
@@ -6,7 +6,7 @@ include authenticator-rs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/authenticator-rs | 9 | noblacklist ${HOME}/.local/share/authenticator-rs |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/authenticator-rs | 20 | mkdir ${HOME}/.local/share/authenticator-rs |
21 | allow ${HOME}/.local/share/authenticator-rs | 21 | whitelist ${HOME}/.local/share/authenticator-rs |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | allow /usr/share/uk.co.grumlimited.authenticator-rs | 23 | whitelist /usr/share/uk.co.grumlimited.authenticator-rs |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile index 55d967e3e..42d9cd56a 100644 --- a/etc/profile-a-l/authenticator.profile +++ b/etc/profile-a-l/authenticator.profile | |||
@@ -6,8 +6,8 @@ include authenticator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/Authenticator | 9 | noblacklist ${HOME}/.cache/Authenticator |
10 | nodeny ${HOME}/.config/Authenticator | 10 | noblacklist ${HOME}/.config/Authenticator |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | #include allow-python2.inc | 13 | #include allow-python2.inc |
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile index a5b3b22f6..891928e5a 100644 --- a/etc/profile-a-l/autokey-common.profile +++ b/etc/profile-a-l/autokey-common.profile | |||
@@ -7,8 +7,8 @@ include autokey-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/autokey | 10 | noblacklist ${HOME}/.config/autokey |
11 | nodeny ${HOME}/.local/share/autokey | 11 | noblacklist ${HOME}/.local/share/autokey |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile index 0feb05d75..7f9d0f6e7 100644 --- a/etc/profile-a-l/avidemux.profile +++ b/etc/profile-a-l/avidemux.profile | |||
@@ -5,9 +5,9 @@ include avidemux.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.avidemux6 | 8 | noblacklist ${HOME}/.avidemux6 |
9 | nodeny ${HOME}/.config/avidemux3_qt5rc | 9 | noblacklist ${HOME}/.config/avidemux3_qt5rc |
10 | nodeny ${VIDEOS} | 10 | noblacklist ${VIDEOS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,10 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.avidemux6 | 21 | mkdir ${HOME}/.avidemux6 |
22 | mkdir ${HOME}/.config/avidemux3_qt5rc | 22 | mkdir ${HOME}/.config/avidemux3_qt5rc |
23 | allow ${HOME}/.avidemux6 | 23 | whitelist ${HOME}/.avidemux6 |
24 | allow ${HOME}/.config/avidemux3_qt5rc | 24 | whitelist ${HOME}/.config/avidemux3_qt5rc |
25 | allow ${VIDEOS} | 25 | whitelist ${VIDEOS} |
26 | |||
26 | include whitelist-common.inc | 27 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile index abe9fdb24..a57ad4014 100644 --- a/etc/profile-a-l/aweather.profile +++ b/etc/profile-a-l/aweather.profile | |||
@@ -6,7 +6,7 @@ include aweather.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/aweather | 9 | noblacklist ${HOME}/.config/aweather |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/aweather | 18 | mkdir ${HOME}/.config/aweather |
19 | allow ${HOME}/.config/aweather | 19 | whitelist ${HOME}/.config/aweather |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile index 58f4f5e96..5d1bf5071 100644 --- a/etc/profile-a-l/awesome.profile +++ b/etc/profile-a-l/awesome.profile | |||
@@ -7,7 +7,7 @@ include awesome.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
10 | nodeny ${HOME}/.config/awesome | 10 | noblacklist ${HOME}/.config/awesome |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile index 46bb0b44e..3952921a3 100644 --- a/etc/profile-a-l/ballbuster.profile +++ b/etc/profile-a-l/ballbuster.profile | |||
@@ -6,7 +6,7 @@ include ballbuster.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.ballbuster.hs | 9 | noblacklist ${HOME}/.ballbuster.hs |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.ballbuster.hs | 20 | mkfile ${HOME}/.ballbuster.hs |
21 | allow ${HOME}/.ballbuster.hs | 21 | whitelist ${HOME}/.ballbuster.hs |
22 | allow /usr/share/ballbuster | 22 | whitelist /usr/share/ballbuster |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile index 2b10883f7..fe86d9b80 100644 --- a/etc/profile-a-l/baloo_file.profile +++ b/etc/profile-a-l/baloo_file.profile | |||
@@ -12,12 +12,12 @@ include globals.local | |||
12 | # read-write ${HOME}/.local/share/baloo | 12 | # read-write ${HOME}/.local/share/baloo |
13 | # ignore read-write | 13 | # ignore read-write |
14 | 14 | ||
15 | nodeny ${HOME}/.config/baloofilerc | 15 | noblacklist ${HOME}/.config/baloofilerc |
16 | nodeny ${HOME}/.kde/share/config/baloofilerc | 16 | noblacklist ${HOME}/.kde/share/config/baloofilerc |
17 | nodeny ${HOME}/.kde/share/config/baloorc | 17 | noblacklist ${HOME}/.kde/share/config/baloorc |
18 | nodeny ${HOME}/.kde4/share/config/baloofilerc | 18 | noblacklist ${HOME}/.kde4/share/config/baloofilerc |
19 | nodeny ${HOME}/.kde4/share/config/baloorc | 19 | noblacklist ${HOME}/.kde4/share/config/baloorc |
20 | nodeny ${HOME}/.local/share/baloo | 20 | noblacklist ${HOME}/.local/share/baloo |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index 1e74443aa..8c69652c5 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile | |||
@@ -6,13 +6,13 @@ include balsa.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.balsa | 9 | noblacklist ${HOME}/.balsa |
10 | nodeny ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | nodeny ${HOME}/.mozilla | 11 | noblacklist ${HOME}/.mozilla |
12 | nodeny ${HOME}/.signature | 12 | noblacklist ${HOME}/.signature |
13 | nodeny ${HOME}/mail | 13 | noblacklist ${HOME}/mail |
14 | nodeny /var/mail | 14 | noblacklist /var/mail |
15 | nodeny /var/spool/mail | 15 | noblacklist /var/spool/mail |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa | |||
27 | mkdir ${HOME}/.gnupg | 27 | mkdir ${HOME}/.gnupg |
28 | mkfile ${HOME}/.signature | 28 | mkfile ${HOME}/.signature |
29 | mkdir ${HOME}/mail | 29 | mkdir ${HOME}/mail |
30 | allow ${HOME}/.balsa | 30 | whitelist ${HOME}/.balsa |
31 | allow ${HOME}/.gnupg | 31 | whitelist ${HOME}/.gnupg |
32 | allow ${HOME}/.mozilla/firefox/profiles.ini | 32 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
33 | allow ${HOME}/.signature | 33 | whitelist ${HOME}/.signature |
34 | allow ${HOME}/mail | 34 | whitelist ${HOME}/mail |
35 | allow ${RUNUSER}/gnupg | 35 | whitelist ${RUNUSER}/gnupg |
36 | allow /usr/share/balsa | 36 | whitelist /usr/share/balsa |
37 | allow /usr/share/gnupg | 37 | whitelist /usr/share/gnupg |
38 | allow /usr/share/gnupg2 | 38 | whitelist /usr/share/gnupg2 |
39 | allow /var/mail | 39 | whitelist /var/mail |
40 | allow /var/spool/mail | 40 | whitelist /var/spool/mail |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile index fcea9b3ba..7b50e9199 100644 --- a/etc/profile-a-l/barrier.profile +++ b/etc/profile-a-l/barrier.profile | |||
@@ -6,9 +6,9 @@ include barrier.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Debauchee/Barrier.conf | 9 | noblacklist ${HOME}/.config/Debauchee/Barrier.conf |
10 | nodeny ${HOME}/.local/share/barrier | 10 | noblacklist ${HOME}/.local/share/barrier |
11 | nodeny ${PATH}/openssl | 11 | noblacklist ${PATH}/openssl |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile index 547c67fc8..8dc3847a0 100644 --- a/etc/profile-a-l/basilisk.profile +++ b/etc/profile-a-l/basilisk.profile | |||
@@ -5,13 +5,13 @@ include basilisk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/moonchild productions/basilisk | 8 | noblacklist ${HOME}/.cache/moonchild productions/basilisk |
9 | nodeny ${HOME}/.moonchild productions/basilisk | 9 | noblacklist ${HOME}/.moonchild productions/basilisk |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/moonchild productions/basilisk | 11 | mkdir ${HOME}/.cache/moonchild productions/basilisk |
12 | mkdir ${HOME}/.moonchild productions | 12 | mkdir ${HOME}/.moonchild productions |
13 | allow ${HOME}/.cache/moonchild productions/basilisk | 13 | whitelist ${HOME}/.cache/moonchild productions/basilisk |
14 | allow ${HOME}/.moonchild productions | 14 | whitelist ${HOME}/.moonchild productions |
15 | 15 | ||
16 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) | 16 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) |
17 | seccomp | 17 | seccomp |
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile index a1d2b1e73..3ecaea7fe 100644 --- a/etc/profile-a-l/bcompare.profile +++ b/etc/profile-a-l/bcompare.profile | |||
@@ -7,10 +7,10 @@ include bcompare.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/bcompare | 10 | noblacklist ${HOME}/.config/bcompare |
11 | # In case the user decides to include disable-programs.inc, still allow | 11 | # In case the user decides to include disable-programs.inc, still allow |
12 | # KDE's Gwenview to view images via right click -> Open With -> Associated Application | 12 | # KDE's Gwenview to view images via right click -> Open With -> Associated Application |
13 | nodeny ${HOME}/.config/gwenviewrc | 13 | noblacklist ${HOME}/.config/gwenviewrc |
14 | 14 | ||
15 | # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc. | 15 | # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc. |
16 | #include disable-common.inc | 16 | #include disable-common.inc |
diff --git a/etc/profile-a-l/beaker.profile b/etc/profile-a-l/beaker.profile index 588f460a8..f3a9568bd 100644 --- a/etc/profile-a-l/beaker.profile +++ b/etc/profile-a-l/beaker.profile | |||
@@ -19,10 +19,10 @@ ignore private-cache | |||
19 | ignore private-dev | 19 | ignore private-dev |
20 | ignore private-tmp | 20 | ignore private-tmp |
21 | 21 | ||
22 | nodeny ${HOME}/.config/Beaker Browser | 22 | noblacklist ${HOME}/.config/Beaker Browser |
23 | 23 | ||
24 | mkdir ${HOME}/.config/Beaker Browser | 24 | mkdir ${HOME}/.config/Beaker Browser |
25 | allow ${HOME}/.config/Beaker Browser | 25 | whitelist ${HOME}/.config/Beaker Browser |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include electron.profile | 28 | include electron.profile |
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index 717d7258d..c7a82afbd 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile | |||
@@ -6,11 +6,11 @@ include bibletime.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.bibletime | 9 | noblacklist ${HOME}/.bibletime |
10 | nodeny ${HOME}/.sword | 10 | noblacklist ${HOME}/.sword |
11 | nodeny ${HOME}/.local/share/bibletime | 11 | noblacklist ${HOME}/.local/share/bibletime |
12 | 12 | ||
13 | deny ${HOME}/.bashrc | 13 | blacklist ${HOME}/.bashrc |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,12 +22,12 @@ include disable-programs.inc | |||
22 | mkdir ${HOME}/.bibletime | 22 | mkdir ${HOME}/.bibletime |
23 | mkdir ${HOME}/.sword | 23 | mkdir ${HOME}/.sword |
24 | mkdir ${HOME}/.local/share/bibletime | 24 | mkdir ${HOME}/.local/share/bibletime |
25 | allow ${HOME}/.bibletime | 25 | whitelist ${HOME}/.bibletime |
26 | allow ${HOME}/.sword | 26 | whitelist ${HOME}/.sword |
27 | allow ${HOME}/.local/share/bibletime | 27 | whitelist ${HOME}/.local/share/bibletime |
28 | allow /usr/share/bibletime | 28 | whitelist /usr/share/bibletime |
29 | allow /usr/share/doc/bibletime | 29 | whitelist /usr/share/doc/bibletime |
30 | allow /usr/share/sword | 30 | whitelist /usr/share/sword |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index b02fcc3e0..854fe5cb9 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile | |||
@@ -6,7 +6,7 @@ include bijiben.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/bijiben | 9 | noblacklist ${HOME}/.local/share/bijiben |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,12 +18,12 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/bijiben | 20 | mkdir ${HOME}/.local/share/bijiben |
21 | allow ${HOME}/.local/share/bijiben | 21 | whitelist ${HOME}/.local/share/bijiben |
22 | allow ${HOME}/.cache/tracker | 22 | whitelist ${HOME}/.cache/tracker |
23 | allow /usr/libexec/webkit2gtk-4.0 | 23 | whitelist /usr/libexec/webkit2gtk-4.0 |
24 | allow /usr/share/bijiben | 24 | whitelist /usr/share/bijiben |
25 | allow /usr/share/tracker | 25 | whitelist /usr/share/tracker |
26 | allow /usr/share/tracker3 | 26 | whitelist /usr/share/tracker3 |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile index c4ec0f820..932db9b73 100644 --- a/etc/profile-a-l/bitcoin-qt.profile +++ b/etc/profile-a-l/bitcoin-qt.profile | |||
@@ -6,8 +6,8 @@ include bitcoin-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.bitcoin | 9 | noblacklist ${HOME}/.bitcoin |
10 | nodeny ${HOME}/.config/Bitcoin | 10 | noblacklist ${HOME}/.config/Bitcoin |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-shell.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.bitcoin | 20 | mkdir ${HOME}/.bitcoin |
21 | mkdir ${HOME}/.config/Bitcoin | 21 | mkdir ${HOME}/.config/Bitcoin |
22 | allow ${HOME}/.bitcoin | 22 | whitelist ${HOME}/.bitcoin |
23 | allow ${HOME}/.config/Bitcoin | 23 | whitelist ${HOME}/.config/Bitcoin |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile index 0f000b26b..dd7651979 100644 --- a/etc/profile-a-l/bitlbee.profile +++ b/etc/profile-a-l/bitlbee.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny /sbin | 11 | noblacklist /sbin |
12 | nodeny /usr/sbin | 12 | noblacklist /usr/sbin |
13 | # noblacklist /var/log | 13 | # noblacklist /var/log |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile index 4b292d72a..ba2eb2ea7 100644 --- a/etc/profile-a-l/bitwarden.profile +++ b/etc/profile-a-l/bitwarden.profile | |||
@@ -11,12 +11,12 @@ ignore include whitelist-usr-share-common.inc | |||
11 | 11 | ||
12 | ignore noexec /tmp | 12 | ignore noexec /tmp |
13 | 13 | ||
14 | nodeny ${HOME}/.config/Bitwarden | 14 | noblacklist ${HOME}/.config/Bitwarden |
15 | 15 | ||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/Bitwarden | 18 | mkdir ${HOME}/.config/Bitwarden |
19 | allow ${HOME}/.config/Bitwarden | 19 | whitelist ${HOME}/.config/Bitwarden |
20 | 20 | ||
21 | machine-id | 21 | machine-id |
22 | no3d | 22 | no3d |
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile index 616ad6801..233f9a96f 100644 --- a/etc/profile-a-l/blackbox.profile +++ b/etc/profile-a-l/blackbox.profile | |||
@@ -7,7 +7,7 @@ include blackbox.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in blackbox will run in this profile | 9 | # all applications started in blackbox will run in this profile |
10 | nodeny ${HOME}/.blackbox | 10 | noblacklist ${HOME}/.blackbox |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile index 8d0b5616f..701ae431e 100644 --- a/etc/profile-a-l/blender.profile +++ b/etc/profile-a-l/blender.profile | |||
@@ -6,7 +6,7 @@ include blender.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/blender | 9 | noblacklist ${HOME}/.config/blender |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | # Allow usage of AMD GPU by OpenCL | 22 | # Allow usage of AMD GPU by OpenCL |
23 | nodeny /sys/module | 23 | noblacklist /sys/module |
24 | allow /sys/module/amdgpu | 24 | whitelist /sys/module/amdgpu |
25 | read-only /sys/module/amdgpu | 25 | read-only /sys/module/amdgpu |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index ca5f96eee..80dc750f7 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile | |||
@@ -6,7 +6,7 @@ include bless.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/bless | 9 | noblacklist ${HOME}/.config/bless |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index ee2a73b54..229c20293 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile | |||
@@ -4,7 +4,7 @@ include blobby.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | nodeny ${HOME}/.blobby | 7 | noblacklist ${HOME}/.blobby |
8 | 8 | ||
9 | include disable-common.inc | 9 | include disable-common.inc |
10 | include disable-devel.inc | 10 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-shell.inc | |||
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.blobby | 18 | mkdir ${HOME}/.blobby |
19 | allow ${HOME}/.blobby | 19 | whitelist ${HOME}/.blobby |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | allow /usr/share/blobby | 21 | whitelist /usr/share/blobby |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index e0be5261e..904710cb5 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile | |||
@@ -6,7 +6,7 @@ include blobwars.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.parallelrealities/blobwars | 9 | noblacklist ${HOME}/.parallelrealities/blobwars |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.parallelrealities/blobwars | 20 | mkdir ${HOME}/.parallelrealities/blobwars |
21 | allow ${HOME}/.parallelrealities/blobwars | 21 | whitelist ${HOME}/.parallelrealities/blobwars |
22 | allow /usr/share/blobwars | 22 | whitelist /usr/share/blobwars |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/bnox.profile b/etc/profile-a-l/bnox.profile index dcfd5d8d2..6e8f0d7d1 100644 --- a/etc/profile-a-l/bnox.profile +++ b/etc/profile-a-l/bnox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/bnox | 13 | noblacklist ${HOME}/.cache/bnox |
14 | nodeny ${HOME}/.config/bnox | 14 | noblacklist ${HOME}/.config/bnox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/bnox | 16 | mkdir ${HOME}/.cache/bnox |
17 | mkdir ${HOME}/.config/bnox | 17 | mkdir ${HOME}/.config/bnox |
18 | allow ${HOME}/.cache/bnox | 18 | whitelist ${HOME}/.cache/bnox |
19 | allow ${HOME}/.config/bnox | 19 | whitelist ${HOME}/.config/bnox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile index a14bb8fef..0cbac049a 100644 --- a/etc/profile-a-l/brackets.profile +++ b/etc/profile-a-l/brackets.profile | |||
@@ -5,7 +5,7 @@ include brackets.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/Brackets | 8 | noblacklist ${HOME}/.config/Brackets |
9 | #noblacklist /opt/brackets | 9 | #noblacklist /opt/brackets |
10 | #noblacklist /opt/google | 10 | #noblacklist /opt/google |
11 | 11 | ||
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile index a78882409..417a6b3e0 100644 --- a/etc/profile-a-l/brasero.profile +++ b/etc/profile-a-l/brasero.profile | |||
@@ -6,7 +6,7 @@ include brasero.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/brasero | 9 | noblacklist ${HOME}/.config/brasero |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile index bc2d7a6a1..09548c761 100644 --- a/etc/profile-a-l/brave.profile +++ b/etc/profile-a-l/brave.profile | |||
@@ -14,24 +14,24 @@ ignore noexec /tmp | |||
14 | # Alternatively you can add 'ignore apparmor' to your brave.local. | 14 | # Alternatively you can add 'ignore apparmor' to your brave.local. |
15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
16 | 16 | ||
17 | nodeny ${HOME}/.cache/BraveSoftware | 17 | noblacklist ${HOME}/.cache/BraveSoftware |
18 | nodeny ${HOME}/.config/BraveSoftware | 18 | noblacklist ${HOME}/.config/BraveSoftware |
19 | nodeny ${HOME}/.config/brave | 19 | noblacklist ${HOME}/.config/brave |
20 | nodeny ${HOME}/.config/brave-flags.conf | 20 | noblacklist ${HOME}/.config/brave-flags.conf |
21 | # brave uses gpg for built-in password manager | 21 | # brave uses gpg for built-in password manager |
22 | nodeny ${HOME}/.gnupg | 22 | noblacklist ${HOME}/.gnupg |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/BraveSoftware | 24 | mkdir ${HOME}/.cache/BraveSoftware |
25 | mkdir ${HOME}/.config/BraveSoftware | 25 | mkdir ${HOME}/.config/BraveSoftware |
26 | mkdir ${HOME}/.config/brave | 26 | mkdir ${HOME}/.config/brave |
27 | allow ${HOME}/.cache/BraveSoftware | 27 | whitelist ${HOME}/.cache/BraveSoftware |
28 | allow ${HOME}/.config/BraveSoftware | 28 | whitelist ${HOME}/.config/BraveSoftware |
29 | allow ${HOME}/.config/brave | 29 | whitelist ${HOME}/.config/brave |
30 | allow ${HOME}/.config/brave-flags.conf | 30 | whitelist ${HOME}/.config/brave-flags.conf |
31 | allow ${HOME}/.gnupg | 31 | whitelist ${HOME}/.gnupg |
32 | 32 | ||
33 | # Brave sandbox needs read access to /proc/config.gz | 33 | # Brave sandbox needs read access to /proc/config.gz |
34 | nodeny /proc/config.gz | 34 | noblacklist /proc/config.gz |
35 | 35 | ||
36 | # Redirect | 36 | # Redirect |
37 | include chromium-common.profile | 37 | include chromium-common.profile |
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile index 62ca041c2..bda96bbb3 100644 --- a/etc/profile-a-l/bzflag.profile +++ b/etc/profile-a-l/bzflag.profile | |||
@@ -6,7 +6,7 @@ include bzflag.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.bzf | 9 | noblacklist ${HOME}/.bzf |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.bzf | 20 | mkdir ${HOME}/.bzf |
21 | allow ${HOME}/.bzf | 21 | whitelist ${HOME}/.bzf |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile index 99706620c..83571397b 100644 --- a/etc/profile-a-l/calibre.profile +++ b/etc/profile-a-l/calibre.profile | |||
@@ -6,9 +6,9 @@ include calibre.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/calibre | 9 | noblacklist ${HOME}/.cache/calibre |
10 | nodeny ${HOME}/.config/calibre | 10 | noblacklist ${HOME}/.config/calibre |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile index 36ecc06a0..fcff47662 100644 --- a/etc/profile-a-l/calligra.profile +++ b/etc/profile-a-l/calligra.profile | |||
@@ -6,7 +6,7 @@ include calligra.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligra | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligra |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/calligragemini.profile b/etc/profile-a-l/calligragemini.profile index 76123c96a..006c307ab 100644 --- a/etc/profile-a-l/calligragemini.profile +++ b/etc/profile-a-l/calligragemini.profile | |||
@@ -6,7 +6,7 @@ include calligragemini.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/calligragemini | 9 | noblacklist ${HOME}/.local/share/calligragemini |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile index 5fb1e16da..81dbd4dcd 100644 --- a/etc/profile-a-l/calligraplan.profile +++ b/etc/profile-a-l/calligraplan.profile | |||
@@ -6,7 +6,7 @@ include calligraplan.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligraplan | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile index c176bfea1..bba91b66b 100644 --- a/etc/profile-a-l/calligraplanwork.profile +++ b/etc/profile-a-l/calligraplanwork.profile | |||
@@ -6,7 +6,7 @@ include calligraplanwork.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligraplanwork | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile index b7ac68945..7bc296047 100644 --- a/etc/profile-a-l/calligrasheets.profile +++ b/etc/profile-a-l/calligrasheets.profile | |||
@@ -6,7 +6,7 @@ include calligrasheets.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrasheets | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile index 1258fec56..7694abbe4 100644 --- a/etc/profile-a-l/calligrastage.profile +++ b/etc/profile-a-l/calligrastage.profile | |||
@@ -6,7 +6,7 @@ include calligrastage.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrastage | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile index c2b6c8041..d69d56a95 100644 --- a/etc/profile-a-l/calligrawords.profile +++ b/etc/profile-a-l/calligrawords.profile | |||
@@ -6,7 +6,7 @@ include calligrawords.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrawords | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index 390ae383c..74c7cc34b 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile | |||
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | include disable-shell.inc | 20 | include disable-shell.inc |
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | allow /usr/share/cameramonitor | 23 | whitelist /usr/share/cameramonitor |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile index 77bdc09e0..96f88a7c4 100644 --- a/etc/profile-a-l/cantata.profile +++ b/etc/profile-a-l/cantata.profile | |||
@@ -6,10 +6,10 @@ include cantata.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/cantata | 9 | noblacklist ${HOME}/.cache/cantata |
10 | nodeny ${HOME}/.config/cantata | 10 | noblacklist ${HOME}/.config/cantata |
11 | nodeny ${HOME}/.local/share/cantata | 11 | noblacklist ${HOME}/.local/share/cantata |
12 | nodeny ${MUSIC} | 12 | noblacklist ${MUSIC} |
13 | 13 | ||
14 | # Allow perl (blacklisted by disable-interpreters.inc) | 14 | # Allow perl (blacklisted by disable-interpreters.inc) |
15 | include allow-perl.inc | 15 | include allow-perl.inc |
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile index 9c53af84f..7cf04c550 100644 --- a/etc/profile-a-l/cargo.profile +++ b/etc/profile-a-l/cargo.profile | |||
@@ -10,11 +10,11 @@ include globals.local | |||
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | ignore noexec /tmp | 11 | ignore noexec /tmp |
12 | 12 | ||
13 | deny /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | deny ${RUNUSER} | 14 | blacklist ${RUNUSER} |
15 | 15 | ||
16 | nodeny ${HOME}/.cargo/credentials | 16 | noblacklist ${HOME}/.cargo/credentials |
17 | nodeny ${HOME}/.cargo/credentials.toml | 17 | noblacklist ${HOME}/.cargo/credentials.toml |
18 | 18 | ||
19 | # Allows files commonly used by IDEs | 19 | # Allows files commonly used by IDEs |
20 | include allow-common-devel.inc | 20 | include allow-common-devel.inc |
@@ -34,7 +34,7 @@ include disable-xdg.inc | |||
34 | #whitelist ${HOME}/.cargo | 34 | #whitelist ${HOME}/.cargo |
35 | #whitelist ${HOME}/.rustup | 35 | #whitelist ${HOME}/.rustup |
36 | #include whitelist-common.inc | 36 | #include whitelist-common.inc |
37 | allow /usr/share/pkgconfig | 37 | whitelist /usr/share/pkgconfig |
38 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
39 | include whitelist-usr-share-common.inc | 39 | include whitelist-usr-share-common.inc |
40 | include whitelist-var-common.inc | 40 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile index 4ea53ea6b..009d3a049 100644 --- a/etc/profile-a-l/catfish.profile +++ b/etc/profile-a-l/catfish.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | # We can't blacklist much since catfish | 9 | # We can't blacklist much since catfish |
10 | # is for finding files/content | 10 | # is for finding files/content |
11 | 11 | ||
12 | nodeny ${HOME}/.config/catfish | 12 | noblacklist ${HOME}/.config/catfish |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
@@ -21,7 +21,7 @@ include disable-interpreters.inc | |||
21 | include disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | # include disable-programs.inc | 22 | # include disable-programs.inc |
23 | 23 | ||
24 | allow /var/lib/mlocate | 24 | whitelist /var/lib/mlocate |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
27 | apparmor | 27 | apparmor |
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index d7aee1902..6e137010c 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile | |||
@@ -6,7 +6,7 @@ include cawbird.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/cawbird | 9 | noblacklist ${HOME}/.config/cawbird |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index d6f4306ba..1c539cc93 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile | |||
@@ -6,9 +6,9 @@ include celluloid.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/celluloid | 9 | noblacklist ${HOME}/.config/celluloid |
10 | nodeny ${HOME}/.config/gnome-mpv | 10 | noblacklist ${HOME}/.config/gnome-mpv |
11 | nodeny ${HOME}/.config/youtube-dl | 11 | noblacklist ${HOME}/.config/youtube-dl |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -17,7 +17,7 @@ include allow-lua.inc | |||
17 | include allow-python2.inc | 17 | include allow-python2.inc |
18 | include allow-python3.inc | 18 | include allow-python3.inc |
19 | 19 | ||
20 | deny /usr/libexec | 20 | blacklist /usr/libexec |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
@@ -30,9 +30,9 @@ read-only ${DESKTOP} | |||
30 | mkdir ${HOME}/.config/celluloid | 30 | mkdir ${HOME}/.config/celluloid |
31 | mkdir ${HOME}/.config/gnome-mpv | 31 | mkdir ${HOME}/.config/gnome-mpv |
32 | mkdir ${HOME}/.config/youtube-dl | 32 | mkdir ${HOME}/.config/youtube-dl |
33 | allow ${HOME}/.config/celluloid | 33 | whitelist ${HOME}/.config/celluloid |
34 | allow ${HOME}/.config/gnome-mpv | 34 | whitelist ${HOME}/.config/gnome-mpv |
35 | allow ${HOME}/.config/youtube-dl | 35 | whitelist ${HOME}/.config/youtube-dl |
36 | include whitelist-common.inc | 36 | include whitelist-common.inc |
37 | include whitelist-player-common.inc | 37 | include whitelist-player-common.inc |
38 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile index 0f61084e0..24939fc70 100644 --- a/etc/profile-a-l/checkbashisms.profile +++ b/etc/profile-a-l/checkbashisms.profile | |||
@@ -7,9 +7,9 @@ include checkbashisms.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow perl (blacklisted by disable-interpreters.inc) | 14 | # Allow perl (blacklisted by disable-interpreters.inc) |
15 | include allow-perl.inc | 15 | include allow-perl.inc |
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index bde3e1311..aca1f5876 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile | |||
@@ -6,8 +6,8 @@ include cheese.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${VIDEOS} | 9 | noblacklist ${VIDEOS} |
10 | nodeny ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow ${VIDEOS} | 20 | whitelist ${VIDEOS} |
21 | allow ${PICTURES} | 21 | whitelist ${PICTURES} |
22 | allow /usr/share/gnome-video-effects | 22 | whitelist /usr/share/gnome-video-effects |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile index d5dedd81d..7621b3c8c 100644 --- a/etc/profile-a-l/cherrytree.profile +++ b/etc/profile-a-l/cherrytree.profile | |||
@@ -6,8 +6,8 @@ include cherrytree.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/cherrytree | 9 | noblacklist ${HOME}/.config/cherrytree |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile index 64c45772a..8803a4d9d 100644 --- a/etc/profile-a-l/chromium-browser-privacy.profile +++ b/etc/profile-a-l/chromium-browser-privacy.profile | |||
@@ -3,15 +3,15 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include chromium-browser-privacy.local | 4 | include chromium-browser-privacy.local |
5 | 5 | ||
6 | nodeny ${HOME}/.cache/ungoogled-chromium | 6 | noblacklist ${HOME}/.cache/ungoogled-chromium |
7 | nodeny ${HOME}/.config/ungoogled-chromium | 7 | noblacklist ${HOME}/.config/ungoogled-chromium |
8 | 8 | ||
9 | deny /usr/libexec | 9 | blacklist /usr/libexec |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/ungoogled-chromium | 11 | mkdir ${HOME}/.cache/ungoogled-chromium |
12 | mkdir ${HOME}/.config/ungoogled-chromium | 12 | mkdir ${HOME}/.config/ungoogled-chromium |
13 | allow ${HOME}/.cache/ungoogled-chromium | 13 | whitelist ${HOME}/.cache/ungoogled-chromium |
14 | allow ${HOME}/.config/ungoogled-chromium | 14 | whitelist ${HOME}/.config/ungoogled-chromium |
15 | 15 | ||
16 | # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings | 16 | # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings |
17 | 17 | ||
diff --git a/etc/profile-a-l/chromium-common-hardened.inc.profile b/etc/profile-a-l/chromium-common-hardened.inc.profile index 87a0a0994..19addd285 100644 --- a/etc/profile-a-l/chromium-common-hardened.inc.profile +++ b/etc/profile-a-l/chromium-common-hardened.inc.profile | |||
@@ -6,5 +6,4 @@ caps.drop all | |||
6 | nonewprivs | 6 | nonewprivs |
7 | noroot | 7 | noroot |
8 | protocol unix,inet,inet6,netlink | 8 | protocol unix,inet,inet6,netlink |
9 | # kcmp is required for ozone-platform=wayland, see #3783. | 9 | seccomp !chroot |
10 | seccomp !chroot,!kcmp | ||
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile index dbeb715d4..b0e0254d4 100644 --- a/etc/profile-a-l/chromium-common.profile +++ b/etc/profile-a-l/chromium-common.profile | |||
@@ -9,8 +9,8 @@ include chromium-common.local | |||
9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
11 | 11 | ||
12 | nodeny ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
13 | nodeny ${HOME}/.local/share/pki | 13 | noblacklist ${HOME}/.local/share/pki |
14 | 14 | ||
15 | # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser | 15 | # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser |
16 | # to have access to Gnome extensions (extensions.gnome.org) via browser connector | 16 | # to have access to Gnome extensions (extensions.gnome.org) via browser connector |
@@ -26,9 +26,9 @@ include disable-xdg.inc | |||
26 | 26 | ||
27 | mkdir ${HOME}/.pki | 27 | mkdir ${HOME}/.pki |
28 | mkdir ${HOME}/.local/share/pki | 28 | mkdir ${HOME}/.local/share/pki |
29 | allow ${DOWNLOADS} | 29 | whitelist ${DOWNLOADS} |
30 | allow ${HOME}/.pki | 30 | whitelist ${HOME}/.pki |
31 | allow ${HOME}/.local/share/pki | 31 | whitelist ${HOME}/.local/share/pki |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/chromium.profile b/etc/profile-a-l/chromium.profile index ea92e90a8..9ac33aa1c 100644 --- a/etc/profile-a-l/chromium.profile +++ b/etc/profile-a-l/chromium.profile | |||
@@ -6,17 +6,17 @@ include chromium.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/chromium | 9 | noblacklist ${HOME}/.cache/chromium |
10 | nodeny ${HOME}/.config/chromium | 10 | noblacklist ${HOME}/.config/chromium |
11 | nodeny ${HOME}/.config/chromium-flags.conf | 11 | noblacklist ${HOME}/.config/chromium-flags.conf |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/chromium | 13 | mkdir ${HOME}/.cache/chromium |
14 | mkdir ${HOME}/.config/chromium | 14 | mkdir ${HOME}/.config/chromium |
15 | allow ${HOME}/.cache/chromium | 15 | whitelist ${HOME}/.cache/chromium |
16 | allow ${HOME}/.config/chromium | 16 | whitelist ${HOME}/.config/chromium |
17 | allow ${HOME}/.config/chromium-flags.conf | 17 | whitelist ${HOME}/.config/chromium-flags.conf |
18 | allow /usr/share/chromium | 18 | whitelist /usr/share/chromium |
19 | allow /usr/share/mozilla/extensions | 19 | whitelist /usr/share/mozilla/extensions |
20 | 20 | ||
21 | # private-bin chromium,chromium-browser,chromedriver | 21 | # private-bin chromium,chromium-browser,chromedriver |
22 | 22 | ||
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile index c967e1c96..e1f9523c4 100644 --- a/etc/profile-a-l/cin.profile +++ b/etc/profile-a-l/cin.profile | |||
@@ -5,7 +5,7 @@ include cin.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.bcast5 | 8 | noblacklist ${HOME}/.bcast5 |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile index 0efbcd4f2..e403c2c41 100644 --- a/etc/profile-a-l/clamav.profile +++ b/etc/profile-a-l/clamav.profile | |||
@@ -7,7 +7,7 @@ include clamav.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | 13 | ||
diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile index 3e4e1f2a1..691657fa0 100644 --- a/etc/profile-a-l/claws-mail.profile +++ b/etc/profile-a-l/claws-mail.profile | |||
@@ -6,17 +6,17 @@ include claws-mail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.claws-mail | 9 | noblacklist ${HOME}/.claws-mail |
10 | 10 | ||
11 | mkdir ${HOME}/.claws-mail | 11 | mkdir ${HOME}/.claws-mail |
12 | allow ${HOME}/.claws-mail | 12 | whitelist ${HOME}/.claws-mail |
13 | 13 | ||
14 | # Add the below lines to your claws-mail.local if you use python-based plugins. | 14 | # Add the below lines to your claws-mail.local if you use python-based plugins. |
15 | # Allow python (blacklisted by disable-interpreters.inc) | 15 | # Allow python (blacklisted by disable-interpreters.inc) |
16 | #include allow-python2.inc | 16 | #include allow-python2.inc |
17 | #include allow-python3.inc | 17 | #include allow-python3.inc |
18 | 18 | ||
19 | allow /usr/share/doc/claws-mail | 19 | whitelist /usr/share/doc/claws-mail |
20 | 20 | ||
21 | # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2 | 21 | # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2 |
22 | 22 | ||
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index ee64391d9..9b62a1f73 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile | |||
@@ -6,7 +6,7 @@ include clawsker.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.claws-mail | 9 | noblacklist ${HOME}/.claws-mail |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc | |||
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.claws-mail | 21 | mkdir ${HOME}/.claws-mail |
22 | allow ${HOME}/.claws-mail | 22 | whitelist ${HOME}/.claws-mail |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile index f9c0006f9..fa33795c1 100644 --- a/etc/profile-a-l/clementine.profile +++ b/etc/profile-a-l/clementine.profile | |||
@@ -6,9 +6,9 @@ include clementine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/Clementine | 9 | noblacklist ${HOME}/.cache/Clementine |
10 | nodeny ${HOME}/.config/Clementine | 10 | noblacklist ${HOME}/.config/Clementine |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile index 5c5399069..77952358f 100644 --- a/etc/profile-a-l/clion.profile +++ b/etc/profile-a-l/clion.profile | |||
@@ -5,16 +5,16 @@ include clion.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/JetBrains/CLion* | 8 | noblacklist ${HOME}/.config/JetBrains/CLion* |
9 | nodeny ${HOME}/.cache/JetBrains/CLion* | 9 | noblacklist ${HOME}/.cache/JetBrains/CLion* |
10 | nodeny ${HOME}/.clion* | 10 | noblacklist ${HOME}/.clion* |
11 | nodeny ${HOME}/.CLion* | 11 | noblacklist ${HOME}/.CLion* |
12 | nodeny ${HOME}/.config/git | 12 | noblacklist ${HOME}/.config/git |
13 | nodeny ${HOME}/.gitconfig | 13 | noblacklist ${HOME}/.gitconfig |
14 | nodeny ${HOME}/.git-credentials | 14 | noblacklist ${HOME}/.git-credentials |
15 | nodeny ${HOME}/.java | 15 | noblacklist ${HOME}/.java |
16 | nodeny ${HOME}/.local/share/JetBrains | 16 | noblacklist ${HOME}/.local/share/JetBrains |
17 | nodeny ${HOME}/.tooling | 17 | noblacklist ${HOME}/.tooling |
18 | 18 | ||
19 | # Allow ssh (blacklisted by disable-common.inc) | 19 | # Allow ssh (blacklisted by disable-common.inc) |
20 | include allow-ssh.inc | 20 | include allow-ssh.inc |
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile index 89f8d96f0..c8258da07 100644 --- a/etc/profile-a-l/clipgrab.profile +++ b/etc/profile-a-l/clipgrab.profile | |||
@@ -6,9 +6,9 @@ include clipgrab.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Philipp Schmieder | 9 | noblacklist ${HOME}/.config/Philipp Schmieder |
10 | nodeny ${HOME}/.pki | 10 | noblacklist ${HOME}/.pki |
11 | nodeny ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile index 4a2a5171b..d421903a3 100644 --- a/etc/profile-a-l/clipit.profile +++ b/etc/profile-a-l/clipit.profile | |||
@@ -6,8 +6,8 @@ include clipit.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/clipit | 9 | noblacklist ${HOME}/.config/clipit |
10 | nodeny ${HOME}/.local/share/clipit | 10 | noblacklist ${HOME}/.local/share/clipit |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.config/clipit | 20 | mkdir ${HOME}/.config/clipit |
21 | mkdir ${HOME}/.local/share/clipit | 21 | mkdir ${HOME}/.local/share/clipit |
22 | allow ${HOME}/.config/clipit | 22 | whitelist ${HOME}/.config/clipit |
23 | allow ${HOME}/.local/share/clipit | 23 | whitelist ${HOME}/.local/share/clipit |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile index 22c6ef882..d0b8cc0ef 100644 --- a/etc/profile-a-l/cliqz.profile +++ b/etc/profile-a-l/cliqz.profile | |||
@@ -5,16 +5,16 @@ include cliqz.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/cliqz | 8 | noblacklist ${HOME}/.cache/cliqz |
9 | nodeny ${HOME}/.cliqz | 9 | noblacklist ${HOME}/.cliqz |
10 | nodeny ${HOME}/.config/cliqz | 10 | noblacklist ${HOME}/.config/cliqz |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/cliqz | 12 | mkdir ${HOME}/.cache/cliqz |
13 | mkdir ${HOME}/.cliqz | 13 | mkdir ${HOME}/.cliqz |
14 | mkdir ${HOME}/.config/cliqz | 14 | mkdir ${HOME}/.config/cliqz |
15 | allow ${HOME}/.cache/cliqz | 15 | whitelist ${HOME}/.cache/cliqz |
16 | allow ${HOME}/.cliqz | 16 | whitelist ${HOME}/.cliqz |
17 | allow ${HOME}/.config/cliqz | 17 | whitelist ${HOME}/.config/cliqz |
18 | 18 | ||
19 | # private-etc must first be enabled in firefox-common.profile | 19 | # private-etc must first be enabled in firefox-common.profile |
20 | #private-etc cliqz | 20 | #private-etc cliqz |
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index 51e53209f..bcd557787 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile | |||
@@ -6,8 +6,8 @@ include cmus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/cmus | 9 | noblacklist ${HOME}/.config/cmus |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile index 1933c66fa..fdf94ec41 100644 --- a/etc/profile-a-l/code.profile +++ b/etc/profile-a-l/code.profile | |||
@@ -5,39 +5,36 @@ include code.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/Code | 8 | # Disabled until someone reported positive feedback |
9 | nodeny ${HOME}/.config/Code - OSS | 9 | ignore include disable-devel.inc |
10 | nodeny ${HOME}/.vscode | 10 | ignore include disable-exec.inc |
11 | nodeny ${HOME}/.vscode-oss | 11 | ignore include disable-interpreters.inc |
12 | ignore include disable-xdg.inc | ||
13 | ignore whitelist ${DOWNLOADS} | ||
14 | ignore include whitelist-common.inc | ||
15 | ignore include whitelist-runuser-common.inc | ||
16 | ignore include whitelist-usr-share-common.inc | ||
17 | ignore include whitelist-var-common.inc | ||
18 | ignore apparmor | ||
19 | ignore disable-mnt | ||
20 | ignore dbus-user none | ||
21 | ignore dbus-system none | ||
22 | |||
23 | noblacklist ${HOME}/.config/Code | ||
24 | noblacklist ${HOME}/.config/Code - OSS | ||
25 | noblacklist ${HOME}/.vscode | ||
26 | noblacklist ${HOME}/.vscode-oss | ||
12 | 27 | ||
13 | # Allows files commonly used by IDEs | 28 | # Allows files commonly used by IDEs |
14 | include allow-common-devel.inc | 29 | include allow-common-devel.inc |
15 | 30 | ||
16 | include disable-common.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | |||
20 | caps.drop all | ||
21 | netfilter | ||
22 | nodvd | ||
23 | nogroups | ||
24 | noinput | ||
25 | nonewprivs | ||
26 | noroot | ||
27 | nosound | 31 | nosound |
28 | notv | ||
29 | nou2f | ||
30 | novideo | ||
31 | protocol unix,inet,inet6,netlink | ||
32 | seccomp | ||
33 | shell none | ||
34 | |||
35 | private-cache | ||
36 | private-dev | ||
37 | private-tmp | ||
38 | 32 | ||
39 | # Disabling noexec ${HOME} for now since it will | 33 | # Disabling noexec ${HOME} for now since it will |
40 | # probably interfere with running some programmes | 34 | # probably interfere with running some programmes |
41 | # in VS Code | 35 | # in VS Code |
42 | # noexec ${HOME} | 36 | # noexec ${HOME} |
43 | noexec /tmp | 37 | noexec /tmp |
38 | |||
39 | # Redirect | ||
40 | include electron.profile | ||
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile index efa7f516c..bd6d8f5b0 100644 --- a/etc/profile-a-l/colorful.profile +++ b/etc/profile-a-l/colorful.profile | |||
@@ -6,7 +6,7 @@ include colorful.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.suve/colorful | 9 | noblacklist ${HOME}/.suve/colorful |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.suve/colorful | 20 | mkdir ${HOME}/.suve/colorful |
21 | allow ${HOME}/.suve/colorful | 21 | whitelist ${HOME}/.suve/colorful |
22 | allow /usr/share/suve | 22 | whitelist /usr/share/suve |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index 34b662959..c8bdfec23 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile | |||
@@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/com.github.bleakgrey.tootle | 9 | noblacklist ${HOME}/.config/com.github.bleakgrey.tootle |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/com.github.bleakgrey.tootle | 20 | mkdir ${HOME}/.config/com.github.bleakgrey.tootle |
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | allow ${HOME}/.config/com.github.bleakgrey.tootle | 22 | whitelist ${HOME}/.config/com.github.bleakgrey.tootle |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index 4e26e4925..b467a0f7a 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile | |||
@@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/agenda | 9 | noblacklist ${HOME}/.cache/agenda |
10 | nodeny ${HOME}/.config/agenda | 10 | noblacklist ${HOME}/.config/agenda |
11 | nodeny ${HOME}/.local/share/agenda | 11 | noblacklist ${HOME}/.local/share/agenda |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,9 +22,9 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.cache/agenda | 22 | mkdir ${HOME}/.cache/agenda |
23 | mkdir ${HOME}/.config/agenda | 23 | mkdir ${HOME}/.config/agenda |
24 | mkdir ${HOME}/.local/share/agenda | 24 | mkdir ${HOME}/.local/share/agenda |
25 | allow ${HOME}/.cache/agenda | 25 | whitelist ${HOME}/.cache/agenda |
26 | allow ${HOME}/.config/agenda | 26 | whitelist ${HOME}/.config/agenda |
27 | allow ${HOME}/.local/share/agenda | 27 | whitelist ${HOME}/.local/share/agenda |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index bbfc1fe41..c13f9618b 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile | |||
@@ -6,9 +6,9 @@ include foliate.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny ${HOME}/.cache/com.github.johnfactotum.Foliate | 10 | noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate |
11 | nodeny ${HOME}/.local/share/com.github.johnfactotum.Foliate | 11 | noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
@@ -24,12 +24,12 @@ include disable-xdg.inc | |||
24 | 24 | ||
25 | mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate | 25 | mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate |
26 | mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate | 26 | mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate |
27 | allow ${HOME}/.cache/com.github.johnfactotum.Foliate | 27 | whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate |
28 | allow ${HOME}/.local/share/com.github.johnfactotum.Foliate | 28 | whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate |
29 | allow ${DOCUMENTS} | 29 | whitelist ${DOCUMENTS} |
30 | allow ${DOWNLOADS} | 30 | whitelist ${DOWNLOADS} |
31 | allow /usr/share/com.github.johnfactotum.Foliate | 31 | whitelist /usr/share/com.github.johnfactotum.Foliate |
32 | allow /usr/share/hyphen | 32 | whitelist /usr/share/hyphen |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile index 3e9acc6c8..d0402d188 100644 --- a/etc/profile-a-l/com.github.phase1geo.minder.profile +++ b/etc/profile-a-l/com.github.phase1geo.minder.profile | |||
@@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/minder | 9 | noblacklist ${HOME}/.local/share/minder |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,10 +20,10 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.local/share/minder | 22 | mkdir ${HOME}/.local/share/minder |
23 | allow ${HOME}/.local/share/minder | 23 | whitelist ${HOME}/.local/share/minder |
24 | allow ${DOCUMENTS} | 24 | whitelist ${DOCUMENTS} |
25 | allow ${DOWNLOADS} | 25 | whitelist ${DOWNLOADS} |
26 | allow ${PICTURES} | 26 | whitelist ${PICTURES} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile index 6cc9ec551..38edf0d21 100644 --- a/etc/profile-a-l/conkeror.profile +++ b/etc/profile-a-l/conkeror.profile | |||
@@ -5,23 +5,23 @@ include conkeror.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.conkeror.mozdev.org | 8 | noblacklist ${HOME}/.conkeror.mozdev.org |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-programs.inc | 11 | include disable-programs.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.conkeror.mozdev.org | 13 | mkdir ${HOME}/.conkeror.mozdev.org |
14 | mkfile ${HOME}/.conkerorrc | 14 | mkfile ${HOME}/.conkerorrc |
15 | allow ${HOME}/.conkeror.mozdev.org | 15 | whitelist ${HOME}/.conkeror.mozdev.org |
16 | allow ${HOME}/.conkerorrc | 16 | whitelist ${HOME}/.conkerorrc |
17 | allow ${HOME}/.lastpass | 17 | whitelist ${HOME}/.lastpass |
18 | allow ${HOME}/.pentadactyl | 18 | whitelist ${HOME}/.pentadactyl |
19 | allow ${HOME}/.pentadactylrc | 19 | whitelist ${HOME}/.pentadactylrc |
20 | allow ${HOME}/.vimperator | 20 | whitelist ${HOME}/.vimperator |
21 | allow ${HOME}/.vimperatorrc | 21 | whitelist ${HOME}/.vimperatorrc |
22 | allow ${HOME}/.zotero | 22 | whitelist ${HOME}/.zotero |
23 | allow ${HOME}/dwhelper | 23 | whitelist ${HOME}/dwhelper |
24 | allow ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile index 1b3fe6651..eaa18739d 100644 --- a/etc/profile-a-l/conky.profile +++ b/etc/profile-a-l/conky.profile | |||
@@ -6,7 +6,7 @@ include conky.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | 10 | ||
11 | # Allow lua (blacklisted by disable-interpreters.inc) | 11 | # Allow lua (blacklisted by disable-interpreters.inc) |
12 | include allow-lua.inc | 12 | include allow-lua.inc |
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile index 266c404ee..2fb446e2a 100644 --- a/etc/profile-a-l/corebird.profile +++ b/etc/profile-a-l/corebird.profile | |||
@@ -6,7 +6,7 @@ include corebird.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/corebird | 9 | noblacklist ${HOME}/.config/corebird |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile index 0a1353e40..1635995dc 100644 --- a/etc/profile-a-l/cower.profile +++ b/etc/profile-a-l/cower.profile | |||
@@ -7,8 +7,8 @@ include cower.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/cower | 10 | noblacklist ${HOME}/.config/cower |
11 | nodeny /var/lib/pacman | 11 | noblacklist /var/lib/pacman |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 5e48c8022..7ece35c2b 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile | |||
@@ -6,7 +6,7 @@ include coyim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/coyim | 9 | noblacklist ${HOME}/.config/coyim |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/coyim | 20 | mkdir ${HOME}/.config/coyim |
21 | allow ${HOME}/.config/coyim | 21 | whitelist ${HOME}/.config/coyim |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile index dec8c086b..bdc4f21a6 100644 --- a/etc/profile-a-l/cpio.profile +++ b/etc/profile-a-l/cpio.profile | |||
@@ -7,8 +7,8 @@ include cpio.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny /sbin | 10 | noblacklist /sbin |
11 | nodeny /usr/sbin | 11 | noblacklist /usr/sbin |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include archiver-common.profile | 14 | include archiver-common.profile |
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile index 81292c01c..b10216895 100644 --- a/etc/profile-a-l/crawl.profile +++ b/etc/profile-a-l/crawl.profile | |||
@@ -6,7 +6,7 @@ include crawl-tiles.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.crawl | 9 | noblacklist ${HOME}/.crawl |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.crawl | 19 | mkdir ${HOME}/.crawl |
20 | allow ${HOME}/.crawl | 20 | whitelist ${HOME}/.crawl |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index 36bd93778..02b15ecc2 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | mkdir ${HOME}/.config/crow | 9 | mkdir ${HOME}/.config/crow |
10 | mkdir ${HOME}/.cache/gstreamer-1.0 | 10 | mkdir ${HOME}/.cache/gstreamer-1.0 |
11 | allow ${HOME}/.config/crow | 11 | whitelist ${HOME}/.config/crow |
12 | allow ${HOME}/.cache/gstreamer-1.0 | 12 | whitelist ${HOME}/.cache/gstreamer-1.0 |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile index 4950b7a4c..c9867c5d7 100644 --- a/etc/profile-a-l/curl.profile +++ b/etc/profile-a-l/curl.profile | |||
@@ -12,11 +12,11 @@ include globals.local | |||
12 | # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts. | 12 | # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts. |
13 | # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local | 13 | # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local |
14 | # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact. | 14 | # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact. |
15 | nodeny ${HOME}/.curl-hsts | 15 | noblacklist ${HOME}/.curl-hsts |
16 | nodeny ${HOME}/.curlrc | 16 | noblacklist ${HOME}/.curlrc |
17 | 17 | ||
18 | deny /tmp/.X11-unix | 18 | blacklist /tmp/.X11-unix |
19 | deny ${RUNUSER} | 19 | blacklist ${RUNUSER} |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-exec.inc | 22 | include disable-exec.inc |
diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile index 49f972e4a..d1fff0004 100644 --- a/etc/profile-a-l/cyberfox.profile +++ b/etc/profile-a-l/cyberfox.profile | |||
@@ -5,13 +5,13 @@ include cyberfox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.8pecxstudios | 8 | noblacklist ${HOME}/.8pecxstudios |
9 | nodeny ${HOME}/.cache/8pecxstudios | 9 | noblacklist ${HOME}/.cache/8pecxstudios |
10 | 10 | ||
11 | mkdir ${HOME}/.8pecxstudios | 11 | mkdir ${HOME}/.8pecxstudios |
12 | mkdir ${HOME}/.cache/8pecxstudios | 12 | mkdir ${HOME}/.cache/8pecxstudios |
13 | allow ${HOME}/.8pecxstudios | 13 | whitelist ${HOME}/.8pecxstudios |
14 | allow ${HOME}/.cache/8pecxstudios | 14 | whitelist ${HOME}/.cache/8pecxstudios |
15 | 15 | ||
16 | # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which | 16 | # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which |
17 | # private-etc must first be enabled in firefox-common.profile | 17 | # private-etc must first be enabled in firefox-common.profile |
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index c7ce1730a..ba1e7adad 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile | |||
@@ -6,7 +6,7 @@ include d-feet.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/d-feet | 9 | noblacklist ${HOME}/.config/d-feet |
10 | 10 | ||
11 | # Allow python (disabled by disable-interpreters.inc) | 11 | # Allow python (disabled by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.config/d-feet | 24 | mkdir ${HOME}/.config/d-feet |
25 | allow ${HOME}/.config/d-feet | 25 | whitelist ${HOME}/.config/d-feet |
26 | allow /usr/share/d-feet | 26 | whitelist /usr/share/d-feet |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile index 4d51c255e..61fa52928 100644 --- a/etc/profile-a-l/darktable.profile +++ b/etc/profile-a-l/darktable.profile | |||
@@ -6,9 +6,9 @@ include darktable.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/darktable | 9 | noblacklist ${HOME}/.cache/darktable |
10 | nodeny ${HOME}/.config/darktable | 10 | noblacklist ${HOME}/.config/darktable |
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index 745042d6f..67a61bb60 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile | |||
@@ -7,8 +7,8 @@ include dbus-send.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index c1231c6cf..0c221850a 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow ${HOME}/.local/share/glib-2.0 | 18 | whitelist ${HOME}/.local/share/glib-2.0 |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index b9d385adf..be7514cbf 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile | |||
@@ -6,7 +6,7 @@ include dconf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | allow ${HOME}/.local/share/glib-2.0 | 19 | whitelist ${HOME}/.local/share/glib-2.0 |
20 | # dconf paths are whitelisted by the following | 20 | # dconf paths are whitelisted by the following |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index 09fa7a07a..5b95b74be 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile | |||
@@ -18,8 +18,8 @@ include disable-passwdmgr.inc | |||
18 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | allow /usr/share/ddgtk | 22 | whitelist /usr/share/ddgtk |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile index 25fa944a1..a221ebbd7 100644 --- a/etc/profile-a-l/deadbeef.profile +++ b/etc/profile-a-l/deadbeef.profile | |||
@@ -6,8 +6,8 @@ include deadbeef.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/deadbeef | 9 | noblacklist ${HOME}/.config/deadbeef |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile index d41a4a023..ad7aa6ed5 100644 --- a/etc/profile-a-l/deluge.profile +++ b/etc/profile-a-l/deluge.profile | |||
@@ -6,7 +6,7 @@ include deluge.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/deluge | 9 | noblacklist ${HOME}/.config/deluge |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/deluge | 22 | mkdir ${HOME}/.config/deluge |
23 | allow ${DOWNLOADS} | 23 | whitelist ${DOWNLOADS} |
24 | allow ${HOME}/.config/deluge | 24 | whitelist ${HOME}/.config/deluge |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile index aed4355d5..212cdab60 100644 --- a/etc/profile-a-l/desktopeditors.profile +++ b/etc/profile-a-l/desktopeditors.profile | |||
@@ -6,9 +6,9 @@ include desktopeditors.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/onlyoffice | 9 | noblacklist ${HOME}/.config/onlyoffice |
10 | nodeny ${HOME}/.local/share/onlyoffice | 10 | noblacklist ${HOME}/.local/share/onlyoffice |
11 | nodeny ${HOME}/.pki | 11 | noblacklist ${HOME}/.pki |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile index dc0f290fb..5007f8e74 100644 --- a/etc/profile-a-l/devhelp.profile +++ b/etc/profile-a-l/devhelp.profile | |||
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | allow /usr/share/devhelp | 19 | whitelist /usr/share/devhelp |
20 | allow /usr/share/doc | 20 | whitelist /usr/share/doc |
21 | allow /usr/share/gtk-doc/html | 21 | whitelist /usr/share/gtk-doc/html |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 631f15f93..6267b5709 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile | |||
@@ -6,9 +6,9 @@ include devilspie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | nodeny ${HOME}/.devilspie | 11 | noblacklist ${HOME}/.devilspie |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.devilspie | 21 | mkdir ${HOME}/.devilspie |
22 | allow ${HOME}/.devilspie | 22 | whitelist ${HOME}/.devilspie |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile index 140c9da0f..9eab3f536 100644 --- a/etc/profile-a-l/devilspie2.profile +++ b/etc/profile-a-l/devilspie2.profile | |||
@@ -6,17 +6,17 @@ include devilspie2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | deny ${HOME}/.devilspie | 9 | blacklist ${HOME}/.devilspie |
10 | 10 | ||
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | nodeny ${HOME}/.config/devilspie2 | 13 | noblacklist ${HOME}/.config/devilspie2 |
14 | 14 | ||
15 | # Allow lua (blacklisted by disable-interpreters.inc) | 15 | # Allow lua (blacklisted by disable-interpreters.inc) |
16 | include allow-lua.inc | 16 | include allow-lua.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/devilspie2 | 18 | mkdir ${HOME}/.config/devilspie2 |
19 | allow ${HOME}/.config/devilspie2 | 19 | whitelist ${HOME}/.config/devilspie2 |
20 | 20 | ||
21 | private-bin devilspie2 | 21 | private-bin devilspie2 |
22 | 22 | ||
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 2a808238b..531734b7d 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile | |||
@@ -6,8 +6,8 @@ include dia.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.dia | 9 | noblacklist ${HOME}/.dia |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -25,7 +25,7 @@ include disable-xdg.inc | |||
25 | #whitelist ${HOME}/.dia | 25 | #whitelist ${HOME}/.dia |
26 | #whitelist ${DOCUMENTS} | 26 | #whitelist ${DOCUMENTS} |
27 | #include whitelist-common.inc | 27 | #include whitelist-common.inc |
28 | allow /usr/share/dia | 28 | whitelist /usr/share/dia |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index 2d683b811..247159a8a 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile | |||
@@ -7,11 +7,11 @@ include dig.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.digrc | 10 | noblacklist ${HOME}/.digrc |
11 | nodeny ${PATH}/dig | 11 | noblacklist ${PATH}/dig |
12 | 12 | ||
13 | deny /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | deny ${RUNUSER} | 14 | blacklist ${RUNUSER} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | # include disable-devel.inc | 17 | # include disable-devel.inc |
@@ -22,7 +22,7 @@ include disable-programs.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | #mkfile ${HOME}/.digrc - see #903 | 24 | #mkfile ${HOME}/.digrc - see #903 |
25 | allow ${HOME}/.digrc | 25 | whitelist ${HOME}/.digrc |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile index 124b50952..2ca7bd400 100644 --- a/etc/profile-a-l/digikam.profile +++ b/etc/profile-a-l/digikam.profile | |||
@@ -6,12 +6,12 @@ include digikam.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/digikam | 9 | noblacklist ${HOME}/.config/digikam |
10 | nodeny ${HOME}/.config/digikamrc | 10 | noblacklist ${HOME}/.config/digikamrc |
11 | nodeny ${HOME}/.kde/share/apps/digikam | 11 | noblacklist ${HOME}/.kde/share/apps/digikam |
12 | nodeny ${HOME}/.kde4/share/apps/digikam | 12 | noblacklist ${HOME}/.kde4/share/apps/digikam |
13 | nodeny ${HOME}/.local/share/kxmlgui5/digikam | 13 | noblacklist ${HOME}/.local/share/kxmlgui5/digikam |
14 | nodeny ${PICTURES} | 14 | noblacklist ${PICTURES} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile index 883466f4d..9871a6095 100644 --- a/etc/profile-a-l/dillo.profile +++ b/etc/profile-a-l/dillo.profile | |||
@@ -6,7 +6,7 @@ include dillo.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.dillo | 9 | noblacklist ${HOME}/.dillo |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | 16 | ||
17 | mkdir ${HOME}/.dillo | 17 | mkdir ${HOME}/.dillo |
18 | mkdir ${HOME}/.fltk | 18 | mkdir ${HOME}/.fltk |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | allow ${HOME}/.dillo | 20 | whitelist ${HOME}/.dillo |
21 | allow ${HOME}/.fltk | 21 | whitelist ${HOME}/.fltk |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile index 3078bef71..c3174b35f 100644 --- a/etc/profile-a-l/dino.profile +++ b/etc/profile-a-l/dino.profile | |||
@@ -6,7 +6,7 @@ include dino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/dino | 9 | noblacklist ${HOME}/.local/share/dino |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.local/share/dino | 19 | mkdir ${HOME}/.local/share/dino |
20 | allow ${HOME}/.local/share/dino | 20 | whitelist ${HOME}/.local/share/dino |
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile index 1c53cd211..43db95b8a 100644 --- a/etc/profile-a-l/discord-canary.profile +++ b/etc/profile-a-l/discord-canary.profile | |||
@@ -5,10 +5,10 @@ include discord-canary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/discordcanary | 8 | noblacklist ${HOME}/.config/discordcanary |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
11 | allow ${HOME}/.config/discordcanary | 11 | whitelist ${HOME}/.config/discordcanary |
12 | 12 | ||
13 | private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] | 13 | private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] |
14 | private-opt discord-canary | 14 | private-opt discord-canary |
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile index 6bee1901c..19e7bd9ab 100644 --- a/etc/profile-a-l/discord-common.profile +++ b/etc/profile-a-l/discord-common.profile | |||
@@ -20,8 +20,8 @@ ignore dbus-system none | |||
20 | ignore noexec ${HOME} | 20 | ignore noexec ${HOME} |
21 | ignore novideo | 21 | ignore novideo |
22 | 22 | ||
23 | allow ${HOME}/.config/BetterDiscord | 23 | whitelist ${HOME}/.config/BetterDiscord |
24 | allow ${HOME}/.local/share/betterdiscordctl | 24 | whitelist ${HOME}/.local/share/betterdiscordctl |
25 | 25 | ||
26 | private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh | 26 | private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh |
27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl | 27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl |
diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile index 658d3fc83..8ef02a30f 100644 --- a/etc/profile-a-l/discord.profile +++ b/etc/profile-a-l/discord.profile | |||
@@ -5,10 +5,10 @@ include discord.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/discord | 8 | noblacklist ${HOME}/.config/discord |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discord | 10 | mkdir ${HOME}/.config/discord |
11 | allow ${HOME}/.config/discord | 11 | whitelist ${HOME}/.config/discord |
12 | 12 | ||
13 | private-bin discord | 13 | private-bin discord |
14 | private-opt discord | 14 | private-opt discord |
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 4474b97d2..11f3fd36e 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile | |||
@@ -5,7 +5,7 @@ include display.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${PICTURES} | 8 | noblacklist ${PICTURES} |
9 | 9 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | include allow-python2.inc | 11 | include allow-python2.inc |
diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile index 8c3d6211b..51ba6f8b7 100644 --- a/etc/profile-a-l/dnox.profile +++ b/etc/profile-a-l/dnox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/dnox | 13 | noblacklist ${HOME}/.cache/dnox |
14 | nodeny ${HOME}/.config/dnox | 14 | noblacklist ${HOME}/.config/dnox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/dnox | 16 | mkdir ${HOME}/.cache/dnox |
17 | mkdir ${HOME}/.config/dnox | 17 | mkdir ${HOME}/.config/dnox |
18 | allow ${HOME}/.cache/dnox | 18 | whitelist ${HOME}/.cache/dnox |
19 | allow ${HOME}/.config/dnox | 19 | whitelist ${HOME}/.config/dnox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile index dbcef36f8..f8fb1a331 100644 --- a/etc/profile-a-l/dnscrypt-proxy.profile +++ b/etc/profile-a-l/dnscrypt-proxy.profile | |||
@@ -7,11 +7,11 @@ include dnscrypt-proxy.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | nodeny /sbin | 13 | noblacklist /sbin |
14 | nodeny /usr/sbin | 14 | noblacklist /usr/sbin |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc | |||
21 | include disable-programs.inc | 21 | include disable-programs.inc |
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | allow /usr/share/dnscrypt-proxy | 24 | whitelist /usr/share/dnscrypt-proxy |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index b1acbf392..01398c2b2 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile | |||
@@ -7,11 +7,11 @@ include dnsmasq.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny /sbin | 10 | noblacklist /sbin |
11 | nodeny /usr/sbin | 11 | noblacklist /usr/sbin |
12 | 12 | ||
13 | deny /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | deny ${RUNUSER}/wayland-* | 14 | blacklist ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index 15b312ecb..49feec32e 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | # Note: you must whitelist your games folder in your dolphin-emu.local. | 9 | # Note: you must whitelist your games folder in your dolphin-emu.local. |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/dolphin-emu | 11 | noblacklist ${HOME}/.cache/dolphin-emu |
12 | nodeny ${HOME}/.config/dolphin-emu | 12 | noblacklist ${HOME}/.config/dolphin-emu |
13 | nodeny ${HOME}/.local/share/dolphin-emu | 13 | noblacklist ${HOME}/.local/share/dolphin-emu |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -24,10 +24,10 @@ include disable-xdg.inc | |||
24 | mkdir ${HOME}/.cache/dolphin-emu | 24 | mkdir ${HOME}/.cache/dolphin-emu |
25 | mkdir ${HOME}/.config/dolphin-emu | 25 | mkdir ${HOME}/.config/dolphin-emu |
26 | mkdir ${HOME}/.local/share/dolphin-emu | 26 | mkdir ${HOME}/.local/share/dolphin-emu |
27 | allow ${HOME}/.cache/dolphin-emu | 27 | whitelist ${HOME}/.cache/dolphin-emu |
28 | allow ${HOME}/.config/dolphin-emu | 28 | whitelist ${HOME}/.config/dolphin-emu |
29 | allow ${HOME}/.local/share/dolphin-emu | 29 | whitelist ${HOME}/.local/share/dolphin-emu |
30 | allow /usr/share/dolphin-emu | 30 | whitelist /usr/share/dolphin-emu |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile index 3b0adcc36..37a4113cb 100644 --- a/etc/profile-a-l/dooble.profile +++ b/etc/profile-a-l/dooble.profile | |||
@@ -7,7 +7,7 @@ include dooble-qt4.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.dooble | 10 | noblacklist ${HOME}/.dooble |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.dooble | 19 | mkdir ${HOME}/.dooble |
20 | allow ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
21 | allow ${HOME}/.dooble | 21 | whitelist ${HOME}/.dooble |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile index 29e506764..988f66f28 100644 --- a/etc/profile-a-l/dosbox.profile +++ b/etc/profile-a-l/dosbox.profile | |||
@@ -6,8 +6,8 @@ include dosbox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.dosbox | 9 | noblacklist ${HOME}/.dosbox |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile index 90ca11774..8fa01d504 100644 --- a/etc/profile-a-l/dragon.profile +++ b/etc/profile-a-l/dragon.profile | |||
@@ -6,9 +6,9 @@ include dragon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/dragonplayerrc | 9 | noblacklist ${HOME}/.config/dragonplayerrc |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | nodeny ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | allow /usr/share/dragonplayer | 22 | whitelist /usr/share/dragonplayer |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index 84a77ce34..82d96e405 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile | |||
@@ -6,7 +6,7 @@ include drawio.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/draw.io | 9 | noblacklist ${HOME}/.config/draw.io |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/draw.io | 20 | mkdir ${HOME}/.config/draw.io |
21 | allow ${HOME}/.config/draw.io | 21 | whitelist ${HOME}/.config/draw.io |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile index e177fd60e..068bd88d8 100644 --- a/etc/profile-a-l/drill.profile +++ b/etc/profile-a-l/drill.profile | |||
@@ -7,10 +7,10 @@ include drill.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${PATH}/drill | 10 | noblacklist ${PATH}/drill |
11 | 11 | ||
12 | deny /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | deny ${RUNUSER} | 13 | blacklist ${RUNUSER} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | # include disable-devel.inc | 16 | # include disable-devel.inc |
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile index 274cdd478..b3b2aaf40 100644 --- a/etc/profile-a-l/dropbox.profile +++ b/etc/profile-a-l/dropbox.profile | |||
@@ -5,9 +5,9 @@ include dropbox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/autostart | 8 | noblacklist ${HOME}/.config/autostart |
9 | nodeny ${HOME}/.dropbox | 9 | noblacklist ${HOME}/.dropbox |
10 | nodeny ${HOME}/.dropbox-dist | 10 | noblacklist ${HOME}/.dropbox-dist |
11 | 11 | ||
12 | # Allow python3 (blacklisted by disable-interpreters.inc) | 12 | # Allow python3 (blacklisted by disable-interpreters.inc) |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
@@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox | |||
22 | mkdir ${HOME}/.dropbox-dist | 22 | mkdir ${HOME}/.dropbox-dist |
23 | mkdir ${HOME}/Dropbox | 23 | mkdir ${HOME}/Dropbox |
24 | mkfile ${HOME}/.config/autostart/dropbox.desktop | 24 | mkfile ${HOME}/.config/autostart/dropbox.desktop |
25 | allow ${HOME}/.config/autostart/dropbox.desktop | 25 | whitelist ${HOME}/.config/autostart/dropbox.desktop |
26 | allow ${HOME}/.dropbox | 26 | whitelist ${HOME}/.dropbox |
27 | allow ${HOME}/.dropbox-dist | 27 | whitelist ${HOME}/.dropbox-dist |
28 | allow ${HOME}/Dropbox | 28 | whitelist ${HOME}/Dropbox |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | 30 | ||
31 | caps.drop all | 31 | caps.drop all |
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index da54fec34..38e4b16f7 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile | |||
@@ -6,7 +6,7 @@ include easystroke.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.easystroke | 9 | noblacklist ${HOME}/.easystroke |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.easystroke | 19 | mkdir ${HOME}/.easystroke |
20 | allow ${HOME}/.easystroke | 20 | whitelist ${HOME}/.easystroke |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile index 10e57371e..278dd6cbd 100644 --- a/etc/profile-a-l/electron-mail.profile +++ b/etc/profile-a-l/electron-mail.profile | |||
@@ -6,7 +6,7 @@ include electron-mail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/electron-mail | 9 | noblacklist ${HOME}/.config/electron-mail |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/electron-mail | 20 | mkdir ${HOME}/.config/electron-mail |
21 | allow ${HOME}/.config/electron-mail | 21 | whitelist ${HOME}/.config/electron-mail |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | 23 | ||
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile index e8d8d35c4..493af79d4 100644 --- a/etc/profile-a-l/electron.profile +++ b/etc/profile-a-l/electron.profile | |||
@@ -12,7 +12,7 @@ include disable-passwdmgr.inc | |||
12 | include disable-programs.inc | 12 | include disable-programs.inc |
13 | include disable-xdg.inc | 13 | include disable-xdg.inc |
14 | 14 | ||
15 | allow ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
16 | include whitelist-common.inc | 16 | include whitelist-common.inc |
17 | include whitelist-runuser-common.inc | 17 | include whitelist-runuser-common.inc |
18 | include whitelist-usr-share-common.inc | 18 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index f6691017c..ad636d71a 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile | |||
@@ -6,7 +6,7 @@ include electrum.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.electrum | 9 | noblacklist ${HOME}/.electrum |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,7 +22,7 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.electrum | 24 | mkdir ${HOME}/.electrum |
25 | allow ${HOME}/.electrum | 25 | whitelist ${HOME}/.electrum |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile index ec28866b8..48a826f2e 100644 --- a/etc/profile-a-l/element-desktop.profile +++ b/etc/profile-a-l/element-desktop.profile | |||
@@ -9,11 +9,11 @@ include element-desktop.local | |||
9 | 9 | ||
10 | ignore dbus-user none | 10 | ignore dbus-user none |
11 | 11 | ||
12 | nodeny ${HOME}/.config/Element | 12 | noblacklist ${HOME}/.config/Element |
13 | 13 | ||
14 | mkdir ${HOME}/.config/Element | 14 | mkdir ${HOME}/.config/Element |
15 | allow ${HOME}/.config/Element | 15 | whitelist ${HOME}/.config/Element |
16 | allow /opt/Element | 16 | whitelist /opt/Element |
17 | 17 | ||
18 | private-opt Element | 18 | private-opt Element |
19 | 19 | ||
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile index 30dca05cb..5a29eb24b 100644 --- a/etc/profile-a-l/elinks.profile +++ b/etc/profile-a-l/elinks.profile | |||
@@ -7,10 +7,10 @@ include elinks.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.elinks | 10 | noblacklist ${HOME}/.elinks |
11 | 11 | ||
12 | mkdir ${HOME}/.elinks | 12 | mkdir ${HOME}/.elinks |
13 | allow ${HOME}/.elinks | 13 | whitelist ${HOME}/.elinks |
14 | 14 | ||
15 | private-bin elinks | 15 | private-bin elinks |
16 | 16 | ||
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile index f0e0e2830..55bf743ef 100644 --- a/etc/profile-a-l/emacs.profile +++ b/etc/profile-a-l/emacs.profile | |||
@@ -6,8 +6,8 @@ include emacs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.emacs | 9 | noblacklist ${HOME}/.emacs |
10 | nodeny ${HOME}/.emacs.d | 10 | noblacklist ${HOME}/.emacs.d |
11 | # Add the next line to your emacs.local if you need gpg support. | 11 | # Add the next line to your emacs.local if you need gpg support. |
12 | #noblacklist ${HOME}/.gnupg | 12 | #noblacklist ${HOME}/.gnupg |
13 | 13 | ||
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 5fc72d340..6c9a8a6ea 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile | |||
@@ -7,14 +7,14 @@ include email-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | nodeny ${HOME}/.mozilla | 11 | noblacklist ${HOME}/.mozilla |
12 | nodeny ${HOME}/.signature | 12 | noblacklist ${HOME}/.signature |
13 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local | 13 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local |
14 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications | 14 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications |
15 | nodeny ${HOME}/Mail | 15 | noblacklist ${HOME}/Mail |
16 | 16 | ||
17 | nodeny ${DOCUMENTS} | 17 | noblacklist ${DOCUMENTS} |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
@@ -27,17 +27,17 @@ include disable-xdg.inc | |||
27 | mkdir ${HOME}/.gnupg | 27 | mkdir ${HOME}/.gnupg |
28 | mkfile ${HOME}/.config/mimeapps.list | 28 | mkfile ${HOME}/.config/mimeapps.list |
29 | mkfile ${HOME}/.signature | 29 | mkfile ${HOME}/.signature |
30 | allow ${HOME}/.config/mimeapps.list | 30 | whitelist ${HOME}/.config/mimeapps.list |
31 | allow ${HOME}/.mozilla/firefox/profiles.ini | 31 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
32 | allow ${HOME}/.gnupg | 32 | whitelist ${HOME}/.gnupg |
33 | allow ${HOME}/.signature | 33 | whitelist ${HOME}/.signature |
34 | allow ${DOCUMENTS} | 34 | whitelist ${DOCUMENTS} |
35 | allow ${DOWNLOADS} | 35 | whitelist ${DOWNLOADS} |
36 | # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local | 36 | # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local |
37 | allow ${HOME}/Mail | 37 | whitelist ${HOME}/Mail |
38 | allow ${RUNUSER}/gnupg | 38 | whitelist ${RUNUSER}/gnupg |
39 | allow /usr/share/gnupg | 39 | whitelist /usr/share/gnupg |
40 | allow /usr/share/gnupg2 | 40 | whitelist /usr/share/gnupg2 |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index 36015b702..ac17b1726 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile | |||
@@ -6,9 +6,9 @@ include enchant.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | nodeny ${HOME}/.config/enchant | 11 | noblacklist ${HOME}/.config/enchant |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/enchant | 21 | mkdir ${HOME}/.config/enchant |
22 | allow ${HOME}/.config/enchant | 22 | whitelist ${HOME}/.config/enchant |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/enox.profile b/etc/profile-a-l/enox.profile index 9a1d89bba..d982433e2 100644 --- a/etc/profile-a-l/enox.profile +++ b/etc/profile-a-l/enox.profile | |||
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/Enox | 13 | noblacklist ${HOME}/.cache/Enox |
14 | nodeny ${HOME}/.config/Enox | 14 | noblacklist ${HOME}/.config/Enox |
15 | 15 | ||
16 | #mkdir ${HOME}/.cache/dnox | 16 | #mkdir ${HOME}/.cache/dnox |
17 | #mkdir ${HOME}/.config/dnox | 17 | #mkdir ${HOME}/.config/dnox |
18 | mkdir ${HOME}/.cache/Enox | 18 | mkdir ${HOME}/.cache/Enox |
19 | mkdir ${HOME}/.config/Enox | 19 | mkdir ${HOME}/.config/Enox |
20 | allow ${HOME}/.cache/Enox | 20 | whitelist ${HOME}/.cache/Enox |
21 | allow ${HOME}/.config/Enox | 21 | whitelist ${HOME}/.config/Enox |
22 | 22 | ||
23 | # Redirect | 23 | # Redirect |
24 | include chromium-common.profile | 24 | include chromium-common.profile |
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile index 5d8f8a0b9..c4123b4c2 100644 --- a/etc/profile-a-l/enpass.profile +++ b/etc/profile-a-l/enpass.profile | |||
@@ -6,11 +6,11 @@ include enpass.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/Enpass | 9 | noblacklist ${HOME}/.cache/Enpass |
10 | nodeny ${HOME}/.config/sinew.in | 10 | noblacklist ${HOME}/.config/sinew.in |
11 | nodeny ${HOME}/.config/Sinew Software Systems | 11 | noblacklist ${HOME}/.config/Sinew Software Systems |
12 | nodeny ${HOME}/.local/share/Enpass | 12 | noblacklist ${HOME}/.local/share/Enpass |
13 | nodeny ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass | |||
24 | mkfile ${HOME}/.config/sinew.in | 24 | mkfile ${HOME}/.config/sinew.in |
25 | mkdir ${HOME}/.config/Sinew Software Systems | 25 | mkdir ${HOME}/.config/Sinew Software Systems |
26 | mkdir ${HOME}/.local/share/Enpass | 26 | mkdir ${HOME}/.local/share/Enpass |
27 | allow ${HOME}/.cache/Enpass | 27 | whitelist ${HOME}/.cache/Enpass |
28 | allow ${HOME}/.config/sinew.in | 28 | whitelist ${HOME}/.config/sinew.in |
29 | allow ${HOME}/.config/Sinew Software Systems | 29 | whitelist ${HOME}/.config/Sinew Software Systems |
30 | allow ${HOME}/.local/share/Enpass | 30 | whitelist ${HOME}/.local/share/Enpass |
31 | allow ${DOCUMENTS} | 31 | whitelist ${DOCUMENTS} |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index ff7040e5c..fe7913e77 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile | |||
@@ -7,11 +7,11 @@ include eo-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
11 | nodeny ${HOME}/.Steam | 11 | noblacklist ${HOME}/.Steam |
12 | nodeny ${HOME}/.steam | 12 | noblacklist ${HOME}/.steam |
13 | 13 | ||
14 | deny /usr/libexec | 14 | blacklist /usr/libexec |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile index e8592c7df..5892374bd 100644 --- a/etc/profile-a-l/eog.profile +++ b/etc/profile-a-l/eog.profile | |||
@@ -6,9 +6,9 @@ include eog.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/eog | 9 | noblacklist ${HOME}/.config/eog |
10 | 10 | ||
11 | allow /usr/share/eog | 11 | whitelist /usr/share/eog |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # Add the next lines to your eog.local if you need that functionality. | 14 | # Add the next lines to your eog.local if you need that functionality. |
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile index 323f5ade2..7143a8e03 100644 --- a/etc/profile-a-l/eom.profile +++ b/etc/profile-a-l/eom.profile | |||
@@ -6,9 +6,9 @@ include eom.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/mate/eom | 9 | noblacklist ${HOME}/.config/mate/eom |
10 | 10 | ||
11 | allow /usr/share/eom | 11 | whitelist /usr/share/eom |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # Add the next lines to your eom.local if you need that functionality. | 14 | # Add the next lines to your eom.local if you need that functionality. |
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile index 3657742b9..131d68951 100644 --- a/etc/profile-a-l/ephemeral.profile +++ b/etc/profile-a-l/ephemeral.profile | |||
@@ -9,8 +9,8 @@ include globals.local | |||
9 | # enforce private-cache | 9 | # enforce private-cache |
10 | #noblacklist ${HOME}/.cache/ephemeral | 10 | #noblacklist ${HOME}/.cache/ephemeral |
11 | 11 | ||
12 | nodeny ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
13 | nodeny ${HOME}/.local/share/pki | 13 | noblacklist ${HOME}/.local/share/pki |
14 | 14 | ||
15 | # noexec ${HOME} breaks DRM binaries. | 15 | # noexec ${HOME} breaks DRM binaries. |
16 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 16 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
@@ -27,9 +27,9 @@ mkdir ${HOME}/.pki | |||
27 | mkdir ${HOME}/.local/share/pki | 27 | mkdir ${HOME}/.local/share/pki |
28 | # enforce private-cache | 28 | # enforce private-cache |
29 | #whitelist ${HOME}/.cache/ephemeral | 29 | #whitelist ${HOME}/.cache/ephemeral |
30 | allow ${HOME}/.pki | 30 | whitelist ${HOME}/.pki |
31 | allow ${HOME}/.local/share/pki | 31 | whitelist ${HOME}/.local/share/pki |
32 | allow ${DOWNLOADS} | 32 | whitelist ${DOWNLOADS} |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile index daedb2193..225811226 100644 --- a/etc/profile-a-l/epiphany.profile +++ b/etc/profile-a-l/epiphany.profile | |||
@@ -9,9 +9,9 @@ include globals.local | |||
9 | # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more. | 9 | # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more. |
10 | # See https://github.com/netblue30/firejail/issues/2995 | 10 | # See https://github.com/netblue30/firejail/issues/2995 |
11 | 11 | ||
12 | nodeny ${HOME}/.cache/epiphany | 12 | noblacklist ${HOME}/.cache/epiphany |
13 | nodeny ${HOME}/.config/epiphany | 13 | noblacklist ${HOME}/.config/epiphany |
14 | nodeny ${HOME}/.local/share/epiphany | 14 | noblacklist ${HOME}/.local/share/epiphany |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -21,10 +21,10 @@ include disable-programs.inc | |||
21 | mkdir ${HOME}/.cache/epiphany | 21 | mkdir ${HOME}/.cache/epiphany |
22 | mkdir ${HOME}/.config/epiphany | 22 | mkdir ${HOME}/.config/epiphany |
23 | mkdir ${HOME}/.local/share/epiphany | 23 | mkdir ${HOME}/.local/share/epiphany |
24 | allow ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | allow ${HOME}/.cache/epiphany | 25 | whitelist ${HOME}/.cache/epiphany |
26 | allow ${HOME}/.config/epiphany | 26 | whitelist ${HOME}/.config/epiphany |
27 | allow ${HOME}/.local/share/epiphany | 27 | whitelist ${HOME}/.local/share/epiphany |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index ac957870c..964d3b7ca 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile | |||
@@ -6,8 +6,8 @@ include equalx.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/equalx | 9 | noblacklist ${HOME}/.config/equalx |
10 | nodeny ${HOME}/.equalx | 10 | noblacklist ${HOME}/.equalx |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,13 +20,13 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.config/equalx | 21 | mkdir ${HOME}/.config/equalx |
22 | mkdir ${HOME}/.equalx | 22 | mkdir ${HOME}/.equalx |
23 | allow ${HOME}/.config/equalx | 23 | whitelist ${HOME}/.config/equalx |
24 | allow ${HOME}/.equalx | 24 | whitelist ${HOME}/.equalx |
25 | allow /usr/share/poppler | 25 | whitelist /usr/share/poppler |
26 | allow /usr/share/ghostscript | 26 | whitelist /usr/share/ghostscript |
27 | allow /usr/share/texlive | 27 | whitelist /usr/share/texlive |
28 | allow /usr/share/equalx | 28 | whitelist /usr/share/equalx |
29 | allow /var/lib/texmf | 29 | whitelist /var/lib/texmf |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile index a2f46b757..fdff1e4b5 100644 --- a/etc/profile-a-l/etr.profile +++ b/etc/profile-a-l/etr.profile | |||
@@ -6,9 +6,9 @@ include etr.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.etr | 9 | noblacklist ${HOME}/.etr |
10 | 10 | ||
11 | deny /usr/libexec | 11 | blacklist /usr/libexec |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,10 +20,10 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.etr | 22 | mkdir ${HOME}/.etr |
23 | allow ${HOME}/.etr | 23 | whitelist ${HOME}/.etr |
24 | allow /usr/share/etr | 24 | whitelist /usr/share/etr |
25 | # Debian version | 25 | # Debian version |
26 | allow /usr/share/games/etr | 26 | whitelist /usr/share/games/etr |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index ce2617ad6..a9e39b15c 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile | |||
@@ -10,10 +10,10 @@ include globals.local | |||
10 | # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). | 10 | # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). |
11 | #noblacklist ${HOME}/.local/share/gvfs-metadata | 11 | #noblacklist ${HOME}/.local/share/gvfs-metadata |
12 | 12 | ||
13 | nodeny ${HOME}/.config/evince | 13 | noblacklist ${HOME}/.config/evince |
14 | nodeny ${DOCUMENTS} | 14 | noblacklist ${DOCUMENTS} |
15 | 15 | ||
16 | deny /usr/libexec | 16 | blacklist /usr/libexec |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -24,10 +24,10 @@ include disable-programs.inc | |||
24 | include disable-shell.inc | 24 | include disable-shell.inc |
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | allow /usr/share/doc | 27 | whitelist /usr/share/doc |
28 | allow /usr/share/evince | 28 | whitelist /usr/share/evince |
29 | allow /usr/share/poppler | 29 | whitelist /usr/share/poppler |
30 | allow /usr/share/tracker | 30 | whitelist /usr/share/tracker |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 142498a28..7222493ac 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile | |||
@@ -6,15 +6,15 @@ include evolution.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny /var/mail | 9 | noblacklist /var/mail |
10 | nodeny /var/spool/mail | 10 | noblacklist /var/spool/mail |
11 | nodeny ${HOME}/.bogofilter | 11 | noblacklist ${HOME}/.bogofilter |
12 | nodeny ${HOME}/.cache/evolution | 12 | noblacklist ${HOME}/.cache/evolution |
13 | nodeny ${HOME}/.config/evolution | 13 | noblacklist ${HOME}/.config/evolution |
14 | nodeny ${HOME}/.gnupg | 14 | noblacklist ${HOME}/.gnupg |
15 | nodeny ${HOME}/.local/share/evolution | 15 | noblacklist ${HOME}/.local/share/evolution |
16 | nodeny ${HOME}/.pki | 16 | noblacklist ${HOME}/.pki |
17 | nodeny ${HOME}/.local/share/pki | 17 | noblacklist ${HOME}/.local/share/pki |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index 216814989..7b09a2c64 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile | |||
@@ -6,7 +6,7 @@ include exiftool.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -18,7 +18,7 @@ include disable-interpreters.inc | |||
18 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | allow /usr/share/perl-image-exiftool | 21 | whitelist /usr/share/perl-image-exiftool |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index 9bb42945b..b2061db79 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile | |||
@@ -6,8 +6,8 @@ include falkon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/falkon | 9 | noblacklist ${HOME}/.cache/falkon |
10 | nodeny ${HOME}/.config/falkon | 10 | noblacklist ${HOME}/.config/falkon |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,10 +19,10 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.cache/falkon | 20 | mkdir ${HOME}/.cache/falkon |
21 | mkdir ${HOME}/.config/falkon | 21 | mkdir ${HOME}/.config/falkon |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | allow ${HOME}/.cache/falkon | 23 | whitelist ${HOME}/.cache/falkon |
24 | allow ${HOME}/.config/falkon | 24 | whitelist ${HOME}/.config/falkon |
25 | allow /usr/share/falkon | 25 | whitelist /usr/share/falkon |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile index d141c6ed5..8e81000fd 100644 --- a/etc/profile-a-l/fbreader.profile +++ b/etc/profile-a-l/fbreader.profile | |||
@@ -6,8 +6,8 @@ include fbreader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.FBReader | 9 | noblacklist ${HOME}/.FBReader |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index 17a365053..31cb1776c 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile | |||
@@ -5,11 +5,11 @@ include fdns.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny /sbin | 8 | noblacklist /sbin |
9 | nodeny /usr/sbin | 9 | noblacklist /usr/sbin |
10 | 10 | ||
11 | deny /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | deny ${RUNUSER}/wayland-* | 12 | blacklist ${RUNUSER}/wayland-* |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile index 359be083e..664ec2da6 100644 --- a/etc/profile-a-l/feedreader.profile +++ b/etc/profile-a-l/feedreader.profile | |||
@@ -6,8 +6,8 @@ include feedreader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/feedreader | 9 | noblacklist ${HOME}/.cache/feedreader |
10 | nodeny ${HOME}/.local/share/feedreader | 10 | noblacklist ${HOME}/.local/share/feedreader |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/feedreader | 21 | mkdir ${HOME}/.cache/feedreader |
22 | mkdir ${HOME}/.local/share/feedreader | 22 | mkdir ${HOME}/.local/share/feedreader |
23 | allow ${HOME}/.cache/feedreader | 23 | whitelist ${HOME}/.cache/feedreader |
24 | allow ${HOME}/.local/share/feedreader | 24 | whitelist ${HOME}/.local/share/feedreader |
25 | allow /usr/share/feedreader | 25 | whitelist /usr/share/feedreader |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile index f60055f37..a2372ec8a 100644 --- a/etc/profile-a-l/ferdi.profile +++ b/etc/profile-a-l/ferdi.profile | |||
@@ -7,10 +7,10 @@ include globals.local | |||
7 | 7 | ||
8 | ignore noexec /tmp | 8 | ignore noexec /tmp |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/Ferdi | 10 | noblacklist ${HOME}/.cache/Ferdi |
11 | nodeny ${HOME}/.config/Ferdi | 11 | noblacklist ${HOME}/.config/Ferdi |
12 | nodeny ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
13 | nodeny ${HOME}/.local/share/pki | 13 | noblacklist ${HOME}/.local/share/pki |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi | |||
22 | mkdir ${HOME}/.config/Ferdi | 22 | mkdir ${HOME}/.config/Ferdi |
23 | mkdir ${HOME}/.pki | 23 | mkdir ${HOME}/.pki |
24 | mkdir ${HOME}/.local/share/pki | 24 | mkdir ${HOME}/.local/share/pki |
25 | allow ${DOWNLOADS} | 25 | whitelist ${DOWNLOADS} |
26 | allow ${HOME}/.cache/Ferdi | 26 | whitelist ${HOME}/.cache/Ferdi |
27 | allow ${HOME}/.config/Ferdi | 27 | whitelist ${HOME}/.config/Ferdi |
28 | allow ${HOME}/.pki | 28 | whitelist ${HOME}/.pki |
29 | allow ${HOME}/.local/share/pki | 29 | whitelist ${HOME}/.local/share/pki |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile index 1e06ec29a..7358ed5c7 100644 --- a/etc/profile-a-l/fetchmail.profile +++ b/etc/profile-a-l/fetchmail.profile | |||
@@ -6,8 +6,8 @@ include fetchmail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.fetchmailrc | 9 | noblacklist ${HOME}/.fetchmailrc |
10 | nodeny ${HOME}/.netrc | 10 | noblacklist ${HOME}/.netrc |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile index 1a64183ab..13ef1beb9 100644 --- a/etc/profile-a-l/ffmpeg.profile +++ b/etc/profile-a-l/ffmpeg.profile | |||
@@ -7,8 +7,8 @@ include ffmpeg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | nodeny ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | allow /usr/share/devedeng | 22 | whitelist /usr/share/devedeng |
23 | allow /usr/share/ffmpeg | 23 | whitelist /usr/share/ffmpeg |
24 | allow /usr/share/qtchooser | 24 | whitelist /usr/share/qtchooser |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index f7a938f24..4eeceeee8 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile | |||
@@ -13,9 +13,9 @@ include disable-interpreters.inc | |||
13 | include disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | allow /usr/libexec/file-roller | 16 | whitelist /usr/libexec/file-roller |
17 | allow /usr/libexec/p7zip | 17 | whitelist /usr/libexec/p7zip |
18 | allow /usr/share/file-roller | 18 | whitelist /usr/share/file-roller |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile index 426d1e72d..5c7583605 100644 --- a/etc/profile-a-l/file.profile +++ b/etc/profile-a-l/file.profile | |||
@@ -7,7 +7,7 @@ include file.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile index d9e0e9da0..dc5def54f 100644 --- a/etc/profile-a-l/filezilla.profile +++ b/etc/profile-a-l/filezilla.profile | |||
@@ -6,8 +6,8 @@ include filezilla.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/filezilla | 9 | noblacklist ${HOME}/.config/filezilla |
10 | nodeny ${HOME}/.filezilla | 10 | noblacklist ${HOME}/.filezilla |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile index e22424794..77487161e 100644 --- a/etc/profile-a-l/firedragon.profile +++ b/etc/profile-a-l/firedragon.profile | |||
@@ -6,13 +6,13 @@ include firedragon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/firedragon | 9 | noblacklist ${HOME}/.cache/firedragon |
10 | nodeny ${HOME}/.firedragon | 10 | noblacklist ${HOME}/.firedragon |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/firedragon | 12 | mkdir ${HOME}/.cache/firedragon |
13 | mkdir ${HOME}/.firedragon | 13 | mkdir ${HOME}/.firedragon |
14 | allow ${HOME}/.cache/firedragon | 14 | whitelist ${HOME}/.cache/firedragon |
15 | allow ${HOME}/.firedragon | 15 | whitelist ${HOME}/.firedragon |
16 | 16 | ||
17 | # Add the next lines to your firedragon.local if you want to use the migration wizard. | 17 | # Add the next lines to your firedragon.local if you want to use the migration wizard. |
18 | #noblacklist ${HOME}/.mozilla | 18 | #noblacklist ${HOME}/.mozilla |
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile index 7e2e8760d..d282f9a60 100644 --- a/etc/profile-a-l/firefox-common-addons.profile +++ b/etc/profile-a-l/firefox-common-addons.profile | |||
@@ -5,74 +5,74 @@ include firefox-common-addons.local | |||
5 | ignore include whitelist-runuser-common.inc | 5 | ignore include whitelist-runuser-common.inc |
6 | ignore private-cache | 6 | ignore private-cache |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/youtube-dl | 8 | noblacklist ${HOME}/.cache/youtube-dl |
9 | nodeny ${HOME}/.config/kgetrc | 9 | noblacklist ${HOME}/.config/kgetrc |
10 | nodeny ${HOME}/.config/mpv | 10 | noblacklist ${HOME}/.config/mpv |
11 | nodeny ${HOME}/.config/okularpartrc | 11 | noblacklist ${HOME}/.config/okularpartrc |
12 | nodeny ${HOME}/.config/okularrc | 12 | noblacklist ${HOME}/.config/okularrc |
13 | nodeny ${HOME}/.config/qpdfview | 13 | noblacklist ${HOME}/.config/qpdfview |
14 | nodeny ${HOME}/.config/youtube-dl | 14 | noblacklist ${HOME}/.config/youtube-dl |
15 | nodeny ${HOME}/.kde/share/apps/kget | 15 | noblacklist ${HOME}/.kde/share/apps/kget |
16 | nodeny ${HOME}/.kde/share/apps/okular | 16 | noblacklist ${HOME}/.kde/share/apps/okular |
17 | nodeny ${HOME}/.kde/share/config/kgetrc | 17 | noblacklist ${HOME}/.kde/share/config/kgetrc |
18 | nodeny ${HOME}/.kde/share/config/okularpartrc | 18 | noblacklist ${HOME}/.kde/share/config/okularpartrc |
19 | nodeny ${HOME}/.kde/share/config/okularrc | 19 | noblacklist ${HOME}/.kde/share/config/okularrc |
20 | nodeny ${HOME}/.kde4/share/apps/kget | 20 | noblacklist ${HOME}/.kde4/share/apps/kget |
21 | nodeny ${HOME}/.kde4/share/apps/okular | 21 | noblacklist ${HOME}/.kde4/share/apps/okular |
22 | nodeny ${HOME}/.kde4/share/config/kgetrc | 22 | noblacklist ${HOME}/.kde4/share/config/kgetrc |
23 | nodeny ${HOME}/.kde4/share/config/okularpartrc | 23 | noblacklist ${HOME}/.kde4/share/config/okularpartrc |
24 | nodeny ${HOME}/.kde4/share/config/okularrc | 24 | noblacklist ${HOME}/.kde4/share/config/okularrc |
25 | nodeny ${HOME}/.local/share/kget | 25 | noblacklist ${HOME}/.local/share/kget |
26 | nodeny ${HOME}/.local/share/kxmlgui5/okular | 26 | noblacklist ${HOME}/.local/share/kxmlgui5/okular |
27 | nodeny ${HOME}/.local/share/okular | 27 | noblacklist ${HOME}/.local/share/okular |
28 | nodeny ${HOME}/.local/share/qpdfview | 28 | noblacklist ${HOME}/.local/share/qpdfview |
29 | nodeny ${HOME}/.netrc | 29 | noblacklist ${HOME}/.netrc |
30 | 30 | ||
31 | allow ${HOME}/.cache/gnome-mplayer/plugin | 31 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
32 | allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs | 32 | whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs |
33 | allow ${HOME}/.config/gnome-mplayer | 33 | whitelist ${HOME}/.config/gnome-mplayer |
34 | allow ${HOME}/.config/kgetrc | 34 | whitelist ${HOME}/.config/kgetrc |
35 | allow ${HOME}/.config/mpv | 35 | whitelist ${HOME}/.config/mpv |
36 | allow ${HOME}/.config/okularpartrc | 36 | whitelist ${HOME}/.config/okularpartrc |
37 | allow ${HOME}/.config/okularrc | 37 | whitelist ${HOME}/.config/okularrc |
38 | allow ${HOME}/.config/pipelight-silverlight5.1 | 38 | whitelist ${HOME}/.config/pipelight-silverlight5.1 |
39 | allow ${HOME}/.config/pipelight-widevine | 39 | whitelist ${HOME}/.config/pipelight-widevine |
40 | allow ${HOME}/.config/qpdfview | 40 | whitelist ${HOME}/.config/qpdfview |
41 | allow ${HOME}/.config/youtube-dl | 41 | whitelist ${HOME}/.config/youtube-dl |
42 | allow ${HOME}/.kde/share/apps/kget | 42 | whitelist ${HOME}/.kde/share/apps/kget |
43 | allow ${HOME}/.kde/share/apps/okular | 43 | whitelist ${HOME}/.kde/share/apps/okular |
44 | allow ${HOME}/.kde/share/config/kgetrc | 44 | whitelist ${HOME}/.kde/share/config/kgetrc |
45 | allow ${HOME}/.kde/share/config/okularpartrc | 45 | whitelist ${HOME}/.kde/share/config/okularpartrc |
46 | allow ${HOME}/.kde/share/config/okularrc | 46 | whitelist ${HOME}/.kde/share/config/okularrc |
47 | allow ${HOME}/.kde4/share/apps/kget | 47 | whitelist ${HOME}/.kde4/share/apps/kget |
48 | allow ${HOME}/.kde4/share/apps/okular | 48 | whitelist ${HOME}/.kde4/share/apps/okular |
49 | allow ${HOME}/.kde4/share/config/kgetrc | 49 | whitelist ${HOME}/.kde4/share/config/kgetrc |
50 | allow ${HOME}/.kde4/share/config/okularpartrc | 50 | whitelist ${HOME}/.kde4/share/config/okularpartrc |
51 | allow ${HOME}/.kde4/share/config/okularrc | 51 | whitelist ${HOME}/.kde4/share/config/okularrc |
52 | allow ${HOME}/.keysnail.js | 52 | whitelist ${HOME}/.keysnail.js |
53 | allow ${HOME}/.lastpass | 53 | whitelist ${HOME}/.lastpass |
54 | allow ${HOME}/.local/share/kget | 54 | whitelist ${HOME}/.local/share/kget |
55 | allow ${HOME}/.local/share/kxmlgui5/okular | 55 | whitelist ${HOME}/.local/share/kxmlgui5/okular |
56 | allow ${HOME}/.local/share/okular | 56 | whitelist ${HOME}/.local/share/okular |
57 | allow ${HOME}/.local/share/qpdfview | 57 | whitelist ${HOME}/.local/share/qpdfview |
58 | allow ${HOME}/.local/share/tridactyl | 58 | whitelist ${HOME}/.local/share/tridactyl |
59 | allow ${HOME}/.netrc | 59 | whitelist ${HOME}/.netrc |
60 | allow ${HOME}/.pentadactyl | 60 | whitelist ${HOME}/.pentadactyl |
61 | allow ${HOME}/.pentadactylrc | 61 | whitelist ${HOME}/.pentadactylrc |
62 | allow ${HOME}/.tridactylrc | 62 | whitelist ${HOME}/.tridactylrc |
63 | allow ${HOME}/.vimperator | 63 | whitelist ${HOME}/.vimperator |
64 | allow ${HOME}/.vimperatorrc | 64 | whitelist ${HOME}/.vimperatorrc |
65 | allow ${HOME}/.wine-pipelight | 65 | whitelist ${HOME}/.wine-pipelight |
66 | allow ${HOME}/.wine-pipelight64 | 66 | whitelist ${HOME}/.wine-pipelight64 |
67 | allow ${HOME}/.zotero | 67 | whitelist ${HOME}/.zotero |
68 | allow ${HOME}/dwhelper | 68 | whitelist ${HOME}/dwhelper |
69 | allow /usr/share/lua | 69 | whitelist /usr/share/lua |
70 | allow /usr/share/lua* | 70 | whitelist /usr/share/lua* |
71 | allow /usr/share/vulkan | 71 | whitelist /usr/share/vulkan |
72 | 72 | ||
73 | # GNOME Shell integration (chrome-gnome-shell) needs dbus and python | 73 | # GNOME Shell integration (chrome-gnome-shell) needs dbus and python |
74 | nodeny ${HOME}/.local/share/gnome-shell | 74 | noblacklist ${HOME}/.local/share/gnome-shell |
75 | allow ${HOME}/.local/share/gnome-shell | 75 | whitelist ${HOME}/.local/share/gnome-shell |
76 | dbus-user.talk ca.desrt.dconf | 76 | dbus-user.talk ca.desrt.dconf |
77 | dbus-user.talk org.gnome.ChromeGnomeShell | 77 | dbus-user.talk org.gnome.ChromeGnomeShell |
78 | dbus-user.talk org.gnome.Shell | 78 | dbus-user.talk org.gnome.Shell |
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index cb0fae5dc..8b74ed979 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -12,8 +12,8 @@ include firefox-common.local | |||
12 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. | 12 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. |
13 | #include firefox-common-addons.profile | 13 | #include firefox-common-addons.profile |
14 | 14 | ||
15 | nodeny ${HOME}/.pki | 15 | noblacklist ${HOME}/.pki |
16 | nodeny ${HOME}/.local/share/pki | 16 | noblacklist ${HOME}/.local/share/pki |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -23,9 +23,9 @@ include disable-programs.inc | |||
23 | 23 | ||
24 | mkdir ${HOME}/.pki | 24 | mkdir ${HOME}/.pki |
25 | mkdir ${HOME}/.local/share/pki | 25 | mkdir ${HOME}/.local/share/pki |
26 | allow ${DOWNLOADS} | 26 | whitelist ${DOWNLOADS} |
27 | allow ${HOME}/.pki | 27 | whitelist ${HOME}/.pki |
28 | allow ${HOME}/.local/share/pki | 28 | whitelist ${HOME}/.local/share/pki |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile index 4fd315fdf..5e69fdb51 100644 --- a/etc/profile-a-l/firefox-esr.profile +++ b/etc/profile-a-l/firefox-esr.profile | |||
@@ -6,7 +6,7 @@ include firefox-esr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | allow /usr/share/firefox-esr | 9 | whitelist /usr/share/firefox-esr |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include firefox.profile | 12 | include firefox.profile |
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile index 93d32d141..ff2a499dc 100644 --- a/etc/profile-a-l/firefox.profile +++ b/etc/profile-a-l/firefox.profile | |||
@@ -14,29 +14,29 @@ include globals.local | |||
14 | # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox | 14 | # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox |
15 | # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 | 15 | # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 |
16 | 16 | ||
17 | nodeny ${HOME}/.cache/mozilla | 17 | noblacklist ${HOME}/.cache/mozilla |
18 | nodeny ${HOME}/.mozilla | 18 | noblacklist ${HOME}/.mozilla |
19 | nodeny ${RUNUSER}/*firefox* # location of profiles if profile-sync-daemon is used | 19 | noblacklist ${RUNUSER}/*firefox* |
20 | 20 | ||
21 | deny /usr/libexec | 21 | blacklist /usr/libexec |
22 | 22 | ||
23 | mkdir ${HOME}/.cache/mozilla/firefox | 23 | mkdir ${HOME}/.cache/mozilla/firefox |
24 | mkdir ${HOME}/.mozilla | 24 | mkdir ${HOME}/.mozilla |
25 | allow ${HOME}/.cache/mozilla/firefox | 25 | whitelist ${HOME}/.cache/mozilla/firefox |
26 | allow ${HOME}/.mozilla | 26 | whitelist ${HOME}/.mozilla |
27 | 27 | ||
28 | # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. | 28 | # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. |
29 | # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. | 29 | # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. |
30 | #whitelist ${RUNUSER}/kpxc_server | 30 | #whitelist ${RUNUSER}/kpxc_server |
31 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 31 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
32 | 32 | ||
33 | allow /usr/share/doc | 33 | whitelist /usr/share/doc |
34 | allow /usr/share/firefox | 34 | whitelist /usr/share/firefox |
35 | allow /usr/share/gnome-shell/search-providers/firefox-search-provider.ini | 35 | whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini |
36 | allow /usr/share/gtk-doc/html | 36 | whitelist /usr/share/gtk-doc/html |
37 | allow /usr/share/mozilla | 37 | whitelist /usr/share/mozilla |
38 | allow /usr/share/webext | 38 | whitelist /usr/share/webext |
39 | allow ${RUNUSER}/*firefox* | 39 | whitelist ${RUNUSER}/*firefox* |
40 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
41 | 41 | ||
42 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. | 42 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. |
diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile index bd1becaf0..2c86d3ac7 100644 --- a/etc/profile-a-l/five-or-more.profile +++ b/etc/profile-a-l/five-or-more.profile | |||
@@ -6,12 +6,12 @@ include five-or-more.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/five-or-more | 9 | noblacklist ${HOME}/.local/share/five-or-more |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/five-or-more | 11 | mkdir ${HOME}/.local/share/five-or-more |
12 | allow ${HOME}/.local/share/five-or-more | 12 | whitelist ${HOME}/.local/share/five-or-more |
13 | 13 | ||
14 | allow /usr/share/five-or-more | 14 | whitelist /usr/share/five-or-more |
15 | 15 | ||
16 | private-bin five-or-more | 16 | private-bin five-or-more |
17 | 17 | ||
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index f16a65536..55af96c84 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile | |||
@@ -7,9 +7,9 @@ include flameshot.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | nodeny ${HOME}/.config/Dharkael | 11 | noblacklist ${HOME}/.config/Dharkael |
12 | nodeny ${HOME}/.config/flameshot | 12 | noblacklist ${HOME}/.config/flameshot |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -25,7 +25,7 @@ include disable-xdg.inc | |||
25 | #whitelist ${PICTURES} | 25 | #whitelist ${PICTURES} |
26 | #whitelist ${HOME}/.config/Dharkael | 26 | #whitelist ${HOME}/.config/Dharkael |
27 | #whitelist ${HOME}/.config/flameshot | 27 | #whitelist ${HOME}/.config/flameshot |
28 | allow /usr/share/flameshot | 28 | whitelist /usr/share/flameshot |
29 | #include whitelist-common.inc | 29 | #include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile index af114e129..310fb378f 100644 --- a/etc/profile-a-l/flashpeak-slimjet.profile +++ b/etc/profile-a-l/flashpeak-slimjet.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/slimjet | 13 | noblacklist ${HOME}/.cache/slimjet |
14 | nodeny ${HOME}/.config/slimjet | 14 | noblacklist ${HOME}/.config/slimjet |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/slimjet | 16 | mkdir ${HOME}/.cache/slimjet |
17 | mkdir ${HOME}/.config/slimjet | 17 | mkdir ${HOME}/.config/slimjet |
18 | allow ${HOME}/.cache/slimjet | 18 | whitelist ${HOME}/.cache/slimjet |
19 | allow ${HOME}/.config/slimjet | 19 | whitelist ${HOME}/.config/slimjet |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile index 505763fb9..a4421e3ce 100644 --- a/etc/profile-a-l/flowblade.profile +++ b/etc/profile-a-l/flowblade.profile | |||
@@ -6,8 +6,8 @@ include flowblade.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/flowblade | 9 | noblacklist ${HOME}/.config/flowblade |
10 | nodeny ${HOME}/.flowblade | 10 | noblacklist ${HOME}/.flowblade |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile index a22c0e103..1210f365c 100644 --- a/etc/profile-a-l/fluxbox.profile +++ b/etc/profile-a-l/fluxbox.profile | |||
@@ -7,7 +7,7 @@ include fluxbox.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in fluxbox will run in this profile | 9 | # all applications started in fluxbox will run in this profile |
10 | nodeny ${HOME}/.fluxbox | 10 | noblacklist ${HOME}/.fluxbox |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile index ff9167c1a..cd0129436 100644 --- a/etc/profile-a-l/font-manager.profile +++ b/etc/profile-a-l/font-manager.profile | |||
@@ -6,8 +6,8 @@ include font-manager.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/font-manager | 9 | noblacklist ${HOME}/.cache/font-manager |
10 | nodeny ${HOME}/.config/font-manager | 10 | noblacklist ${HOME}/.config/font-manager |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -24,9 +24,9 @@ include disable-xdg.inc | |||
24 | 24 | ||
25 | mkdir ${HOME}/.cache/font-manager | 25 | mkdir ${HOME}/.cache/font-manager |
26 | mkdir ${HOME}/.config/font-manager | 26 | mkdir ${HOME}/.config/font-manager |
27 | allow ${HOME}/.cache/font-manager | 27 | whitelist ${HOME}/.cache/font-manager |
28 | allow ${HOME}/.config/font-manager | 28 | whitelist ${HOME}/.config/font-manager |
29 | allow /usr/share/font-manager | 29 | whitelist /usr/share/font-manager |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
32 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile index 64c7655e2..bd1495877 100644 --- a/etc/profile-a-l/fontforge.profile +++ b/etc/profile-a-l/fontforge.profile | |||
@@ -6,8 +6,8 @@ include fontforge.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.FontForge | 9 | noblacklist ${HOME}/.FontForge |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile index 5e5a12794..2d700d336 100644 --- a/etc/profile-a-l/fossamail.profile +++ b/etc/profile-a-l/fossamail.profile | |||
@@ -6,16 +6,16 @@ include fossamail.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/fossamail | 9 | noblacklist ${HOME}/.cache/fossamail |
10 | nodeny ${HOME}/.fossamail | 10 | noblacklist ${HOME}/.fossamail |
11 | nodeny ${HOME}/.gnupg | 11 | noblacklist ${HOME}/.gnupg |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/fossamail | 13 | mkdir ${HOME}/.cache/fossamail |
14 | mkdir ${HOME}/.fossamail | 14 | mkdir ${HOME}/.fossamail |
15 | mkdir ${HOME}/.gnupg | 15 | mkdir ${HOME}/.gnupg |
16 | allow ${HOME}/.cache/fossamail | 16 | whitelist ${HOME}/.cache/fossamail |
17 | allow ${HOME}/.fossamail | 17 | whitelist ${HOME}/.fossamail |
18 | allow ${HOME}/.gnupg | 18 | whitelist ${HOME}/.gnupg |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | # allow browsers | 21 | # allow browsers |
diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile index 97fd4a626..eb0c43ca5 100644 --- a/etc/profile-a-l/four-in-a-row.profile +++ b/etc/profile-a-l/four-in-a-row.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | allow /usr/share/four-in-a-row | 12 | whitelist /usr/share/four-in-a-row |
13 | 13 | ||
14 | private-bin four-in-a-row | 14 | private-bin four-in-a-row |
15 | 15 | ||
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index 8edc9b02d..1b1d031b4 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile | |||
@@ -6,7 +6,7 @@ include fractal.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/fractal | 9 | noblacklist ${HOME}/.cache/fractal |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/fractal | 24 | mkdir ${HOME}/.cache/fractal |
25 | allow ${HOME}/.cache/fractal | 25 | whitelist ${HOME}/.cache/fractal |
26 | allow ${DOWNLOADS} | 26 | whitelist ${DOWNLOADS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile index 1a8ec8f99..9b780a572 100644 --- a/etc/profile-a-l/franz.profile +++ b/etc/profile-a-l/franz.profile | |||
@@ -7,10 +7,10 @@ include globals.local | |||
7 | 7 | ||
8 | ignore noexec /tmp | 8 | ignore noexec /tmp |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/Franz | 10 | noblacklist ${HOME}/.cache/Franz |
11 | nodeny ${HOME}/.config/Franz | 11 | noblacklist ${HOME}/.config/Franz |
12 | nodeny ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
13 | nodeny ${HOME}/.local/share/pki | 13 | noblacklist ${HOME}/.local/share/pki |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz | |||
22 | mkdir ${HOME}/.config/Franz | 22 | mkdir ${HOME}/.config/Franz |
23 | mkdir ${HOME}/.pki | 23 | mkdir ${HOME}/.pki |
24 | mkdir ${HOME}/.local/share/pki | 24 | mkdir ${HOME}/.local/share/pki |
25 | allow ${DOWNLOADS} | 25 | whitelist ${DOWNLOADS} |
26 | allow ${HOME}/.cache/Franz | 26 | whitelist ${HOME}/.cache/Franz |
27 | allow ${HOME}/.config/Franz | 27 | whitelist ${HOME}/.config/Franz |
28 | allow ${HOME}/.pki | 28 | whitelist ${HOME}/.pki |
29 | allow ${HOME}/.local/share/pki | 29 | whitelist ${HOME}/.local/share/pki |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile index a45ad4c7a..8043d0530 100644 --- a/etc/profile-a-l/freecad.profile +++ b/etc/profile-a-l/freecad.profile | |||
@@ -6,8 +6,8 @@ include freecad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/FreeCAD | 9 | noblacklist ${HOME}/.config/FreeCAD |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile index 20abd4056..23c19682c 100644 --- a/etc/profile-a-l/freeciv.profile +++ b/etc/profile-a-l/freeciv.profile | |||
@@ -6,7 +6,7 @@ include freeciv.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.freeciv | 9 | noblacklist ${HOME}/.freeciv |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.freeciv | 19 | mkdir ${HOME}/.freeciv |
20 | allow ${HOME}/.freeciv | 20 | whitelist ${HOME}/.freeciv |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile index 79ccf4101..93fa7da03 100644 --- a/etc/profile-a-l/freecol.profile +++ b/etc/profile-a-l/freecol.profile | |||
@@ -6,10 +6,10 @@ include freecol.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.freecol | 9 | noblacklist ${HOME}/.freecol |
10 | nodeny ${HOME}/.cache/freecol | 10 | noblacklist ${HOME}/.cache/freecol |
11 | nodeny ${HOME}/.config/freecol | 11 | noblacklist ${HOME}/.config/freecol |
12 | nodeny ${HOME}/.local/share/freecol | 12 | noblacklist ${HOME}/.local/share/freecol |
13 | 13 | ||
14 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 15 | include allow-java.inc |
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java | |||
26 | mkdir ${HOME}/.cache/freecol | 26 | mkdir ${HOME}/.cache/freecol |
27 | mkdir ${HOME}/.config/freecol | 27 | mkdir ${HOME}/.config/freecol |
28 | mkdir ${HOME}/.local/share/freecol | 28 | mkdir ${HOME}/.local/share/freecol |
29 | allow ${HOME}/.freecol | 29 | whitelist ${HOME}/.freecol |
30 | allow ${HOME}/.java | 30 | whitelist ${HOME}/.java |
31 | allow ${HOME}/.cache/freecol | 31 | whitelist ${HOME}/.cache/freecol |
32 | allow ${HOME}/.config/freecol | 32 | whitelist ${HOME}/.config/freecol |
33 | allow ${HOME}/.local/share/freecol | 33 | whitelist ${HOME}/.local/share/freecol |
34 | include whitelist-common.inc | 34 | include whitelist-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
36 | 36 | ||
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index ba52dd208..699177039 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile | |||
@@ -6,8 +6,8 @@ include freemind.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny ${HOME}/.freemind | 10 | noblacklist ${HOME}/.freemind |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index 4c321322c..e6aff533d 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile | |||
@@ -6,12 +6,12 @@ include freetube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/FreeTube | 9 | noblacklist ${HOME}/.config/FreeTube |
10 | 10 | ||
11 | include disable-shell.inc | 11 | include disable-shell.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.config/FreeTube | 13 | mkdir ${HOME}/.config/FreeTube |
14 | allow ${HOME}/.config/FreeTube | 14 | whitelist ${HOME}/.config/FreeTube |
15 | 15 | ||
16 | private-bin freetube | 16 | private-bin freetube |
17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg |
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index 3a6dfcfd6..b4ad81046 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile | |||
@@ -6,7 +6,7 @@ include frogatto.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.frogatto | 9 | noblacklist ${HOME}/.frogatto |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.frogatto | 19 | mkdir ${HOME}/.frogatto |
20 | allow ${HOME}/.frogatto | 20 | whitelist ${HOME}/.frogatto |
21 | allow /usr/libexec/frogatto | 21 | whitelist /usr/libexec/frogatto |
22 | allow /usr/share/frogatto | 22 | whitelist /usr/share/frogatto |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile index 12eca8eb0..76352e41e 100644 --- a/etc/profile-a-l/frozen-bubble.profile +++ b/etc/profile-a-l/frozen-bubble.profile | |||
@@ -6,7 +6,7 @@ include frozen-bubble.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.frozen-bubble | 9 | noblacklist ${HOME}/.frozen-bubble |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.frozen-bubble | 22 | mkdir ${HOME}/.frozen-bubble |
23 | allow ${HOME}/.frozen-bubble | 23 | whitelist ${HOME}/.frozen-bubble |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile index 07030df4b..8852925b1 100644 --- a/etc/profile-a-l/funnyboat.profile +++ b/etc/profile-a-l/funnyboat.profile | |||
@@ -5,7 +5,7 @@ include funnyboat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.funnyboat | 8 | noblacklist ${HOME}/.funnyboat |
9 | 9 | ||
10 | ignore noexec /dev/shm | 10 | ignore noexec /dev/shm |
11 | include allow-python2.inc | 11 | include allow-python2.inc |
@@ -21,12 +21,12 @@ include disable-programs.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.funnyboat | 23 | mkdir ${HOME}/.funnyboat |
24 | allow ${HOME}/.funnyboat | 24 | whitelist ${HOME}/.funnyboat |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | allow /usr/share/funnyboat | 27 | whitelist /usr/share/funnyboat |
28 | # Debian: | 28 | # Debian: |
29 | allow /usr/share/games/funnyboat | 29 | whitelist /usr/share/games/funnyboat |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index 4cd2cb1e6..ed3f0357d 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile | |||
@@ -6,10 +6,10 @@ include gajim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
10 | nodeny ${HOME}/.cache/gajim | 10 | noblacklist ${HOME}/.cache/gajim |
11 | nodeny ${HOME}/.config/gajim | 11 | noblacklist ${HOME}/.config/gajim |
12 | nodeny ${HOME}/.local/share/gajim | 12 | noblacklist ${HOME}/.local/share/gajim |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | #include allow-python2.inc | 15 | #include allow-python2.inc |
@@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg | |||
28 | mkdir ${HOME}/.cache/gajim | 28 | mkdir ${HOME}/.cache/gajim |
29 | mkdir ${HOME}/.config/gajim | 29 | mkdir ${HOME}/.config/gajim |
30 | mkdir ${HOME}/.local/share/gajim | 30 | mkdir ${HOME}/.local/share/gajim |
31 | allow ${HOME}/.gnupg | 31 | whitelist ${HOME}/.gnupg |
32 | allow ${HOME}/.cache/gajim | 32 | whitelist ${HOME}/.cache/gajim |
33 | allow ${HOME}/.config/gajim | 33 | whitelist ${HOME}/.config/gajim |
34 | allow ${HOME}/.local/share/gajim | 34 | whitelist ${HOME}/.local/share/gajim |
35 | allow ${DOWNLOADS} | 35 | whitelist ${DOWNLOADS} |
36 | allow ${RUNUSER}/gnupg | 36 | whitelist ${RUNUSER}/gnupg |
37 | allow /usr/share/gnupg | 37 | whitelist /usr/share/gnupg |
38 | allow /usr/share/gnupg2 | 38 | whitelist /usr/share/gnupg2 |
39 | include whitelist-common.inc | 39 | include whitelist-common.inc |
40 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
41 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 0b1b595a6..550b3808b 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile | |||
@@ -6,7 +6,7 @@ include galculator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/galculator | 9 | noblacklist ${HOME}/.config/galculator |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/galculator | 20 | mkdir ${HOME}/.config/galculator |
21 | allow ${HOME}/.config/galculator | 21 | whitelist ${HOME}/.config/galculator |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 00b830234..3a8c055f2 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile | |||
@@ -6,8 +6,8 @@ include gapplication.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | deny /usr/libexec | 10 | blacklist /usr/libexec |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index 896a100fc..388f4c0df 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | # noexec ${HOME} will break user-local installs of gcloud tooling | 8 | # noexec ${HOME} will break user-local installs of gcloud tooling |
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.boto | 11 | noblacklist ${HOME}/.boto |
12 | nodeny ${HOME}/.config/gcloud | 12 | noblacklist ${HOME}/.config/gcloud |
13 | nodeny /var/run/docker.sock | 13 | noblacklist /var/run/docker.sock |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile index 8f72f0b34..cb39174e5 100644 --- a/etc/profile-a-l/gconf-editor.profile +++ b/etc/profile-a-l/gconf-editor.profile | |||
@@ -7,9 +7,9 @@ include gconf-editor.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | 11 | ||
12 | allow /usr/share/gconf-editor | 12 | whitelist /usr/share/gconf-editor |
13 | 13 | ||
14 | ignore x11 none | 14 | ignore x11 none |
15 | 15 | ||
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index 8c7013574..fec1a555a 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile | |||
@@ -6,9 +6,9 @@ include gconf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | nodeny ${HOME}/.config/gconf | 11 | noblacklist ${HOME}/.config/gconf |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -23,9 +23,9 @@ include disable-programs.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.config/gconf | 25 | mkdir ${HOME}/.config/gconf |
26 | allow ${HOME}/.config/gconf | 26 | whitelist ${HOME}/.config/gconf |
27 | allow /usr/share/GConf | 27 | whitelist /usr/share/GConf |
28 | allow /usr/share/gconf | 28 | whitelist /usr/share/gconf |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile index 706a85c75..6fdb9b37a 100644 --- a/etc/profile-a-l/geany.profile +++ b/etc/profile-a-l/geany.profile | |||
@@ -6,7 +6,7 @@ include geany.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/geany | 9 | noblacklist ${HOME}/.config/geany |
10 | 10 | ||
11 | # Allows files commonly used by IDEs | 11 | # Allows files commonly used by IDEs |
12 | include allow-common-devel.inc | 12 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index 512fc1e59..74e135a7c 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile | |||
@@ -6,14 +6,14 @@ include geary.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/evolution | 9 | noblacklist ${HOME}/.cache/evolution |
10 | nodeny ${HOME}/.cache/folks | 10 | noblacklist ${HOME}/.cache/folks |
11 | nodeny ${HOME}/.cache/geary | 11 | noblacklist ${HOME}/.cache/geary |
12 | nodeny ${HOME}/.config/evolution | 12 | noblacklist ${HOME}/.config/evolution |
13 | nodeny ${HOME}/.config/geary | 13 | noblacklist ${HOME}/.config/geary |
14 | nodeny ${HOME}/.local/share/evolution | 14 | noblacklist ${HOME}/.local/share/evolution |
15 | nodeny ${HOME}/.local/share/geary | 15 | noblacklist ${HOME}/.local/share/geary |
16 | nodeny ${HOME}/.mozilla | 16 | noblacklist ${HOME}/.mozilla |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution | |||
31 | mkdir ${HOME}/.config/geary | 31 | mkdir ${HOME}/.config/geary |
32 | mkdir ${HOME}/.local/share/evolution | 32 | mkdir ${HOME}/.local/share/evolution |
33 | mkdir ${HOME}/.local/share/geary | 33 | mkdir ${HOME}/.local/share/geary |
34 | allow ${DOWNLOADS} | 34 | whitelist ${DOWNLOADS} |
35 | allow ${HOME}/.cache/evolution | 35 | whitelist ${HOME}/.cache/evolution |
36 | allow ${HOME}/.cache/folks | 36 | whitelist ${HOME}/.cache/folks |
37 | allow ${HOME}/.cache/geary | 37 | whitelist ${HOME}/.cache/geary |
38 | allow ${HOME}/.config/evolution | 38 | whitelist ${HOME}/.config/evolution |
39 | allow ${HOME}/.config/geary | 39 | whitelist ${HOME}/.config/geary |
40 | allow ${HOME}/.local/share/evolution | 40 | whitelist ${HOME}/.local/share/evolution |
41 | allow ${HOME}/.local/share/geary | 41 | whitelist ${HOME}/.local/share/geary |
42 | allow ${HOME}/.mozilla/firefox/profiles.ini | 42 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
43 | allow /usr/share/geary | 43 | whitelist /usr/share/geary |
44 | include whitelist-common.inc | 44 | include whitelist-common.inc |
45 | include whitelist-runuser-common.inc | 45 | include whitelist-runuser-common.inc |
46 | include whitelist-usr-share-common.inc | 46 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile index f11540374..108b7041d 100644 --- a/etc/profile-a-l/gedit.profile +++ b/etc/profile-a-l/gedit.profile | |||
@@ -6,8 +6,8 @@ include gedit.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/enchant | 9 | noblacklist ${HOME}/.config/enchant |
10 | nodeny ${HOME}/.config/gedit | 10 | noblacklist ${HOME}/.config/gedit |
11 | 11 | ||
12 | # Allows files commonly used by IDEs | 12 | # Allows files commonly used by IDEs |
13 | include allow-common-devel.inc | 13 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile index 8ec3bbaf9..dd33b3fb5 100644 --- a/etc/profile-a-l/geeqie.profile +++ b/etc/profile-a-l/geeqie.profile | |||
@@ -6,9 +6,9 @@ include geeqie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/geeqie | 9 | noblacklist ${HOME}/.cache/geeqie |
10 | nodeny ${HOME}/.config/geeqie | 10 | noblacklist ${HOME}/.config/geeqie |
11 | nodeny ${HOME}/.local/share/geeqie | 11 | noblacklist ${HOME}/.local/share/geeqie |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index 1661da639..f894a42ca 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile | |||
@@ -6,10 +6,10 @@ include gfeeds.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/gfeeds | 9 | noblacklist ${HOME}/.cache/gfeeds |
10 | nodeny ${HOME}/.cache/org.gabmus.gfeeds | 10 | noblacklist ${HOME}/.cache/org.gabmus.gfeeds |
11 | nodeny ${HOME}/.config/org.gabmus.gfeeds.json | 11 | noblacklist ${HOME}/.config/org.gabmus.gfeeds.json |
12 | nodeny ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 12 | noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python3.inc | 15 | include allow-python3.inc |
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds | |||
27 | mkdir ${HOME}/.cache/org.gabmus.gfeeds | 27 | mkdir ${HOME}/.cache/org.gabmus.gfeeds |
28 | mkfile ${HOME}/.config/org.gabmus.gfeeds.json | 28 | mkfile ${HOME}/.config/org.gabmus.gfeeds.json |
29 | mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 29 | mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
30 | allow ${HOME}/.cache/gfeeds | 30 | whitelist ${HOME}/.cache/gfeeds |
31 | allow ${HOME}/.cache/org.gabmus.gfeeds | 31 | whitelist ${HOME}/.cache/org.gabmus.gfeeds |
32 | allow ${HOME}/.config/org.gabmus.gfeeds.json | 32 | whitelist ${HOME}/.config/org.gabmus.gfeeds.json |
33 | allow ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 33 | whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
34 | allow /usr/libexec/webkit2gtk-4.0 | 34 | whitelist /usr/libexec/webkit2gtk-4.0 |
35 | allow /usr/share/gfeeds | 35 | whitelist /usr/share/gfeeds |
36 | include whitelist-common.inc | 36 | include whitelist-common.inc |
37 | include whitelist-runuser-common.inc | 37 | include whitelist-runuser-common.inc |
38 | include whitelist-usr-share-common.inc | 38 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index 06929dbe3..d9c5a0d9a 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile | |||
@@ -7,8 +7,8 @@ include gget.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER} | 11 | blacklist ${RUNUSER} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index 0577fe24f..276ab76df 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile | |||
@@ -6,10 +6,10 @@ include ghostwriter.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/ghostwriter | 9 | noblacklist ${HOME}/.config/ghostwriter |
10 | nodeny ${HOME}/.local/share/ghostwriter | 10 | noblacklist ${HOME}/.local/share/ghostwriter |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | nodeny ${PICTURES} | 12 | noblacklist ${PICTURES} |
13 | 13 | ||
14 | include allow-lua.inc | 14 | include allow-lua.inc |
15 | 15 | ||
@@ -22,10 +22,10 @@ include disable-programs.inc | |||
22 | include disable-shell.inc | 22 | include disable-shell.inc |
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | allow /usr/share/ghostwriter | 25 | whitelist /usr/share/ghostwriter |
26 | allow /usr/share/mozilla-dicts | 26 | whitelist /usr/share/mozilla-dicts |
27 | allow /usr/share/texlive | 27 | whitelist /usr/share/texlive |
28 | allow /usr/share/pandoc* | 28 | whitelist /usr/share/pandoc* |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index de9db8d0f..dfc1304d1 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile | |||
@@ -18,13 +18,13 @@ include globals.local | |||
18 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. | 18 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. |
19 | ignore noexec ${HOME} | 19 | ignore noexec ${HOME} |
20 | 20 | ||
21 | nodeny ${HOME}/.cache/babl | 21 | noblacklist ${HOME}/.cache/babl |
22 | nodeny ${HOME}/.cache/gegl-0.4 | 22 | noblacklist ${HOME}/.cache/gegl-0.4 |
23 | nodeny ${HOME}/.cache/gimp | 23 | noblacklist ${HOME}/.cache/gimp |
24 | nodeny ${HOME}/.config/GIMP | 24 | noblacklist ${HOME}/.config/GIMP |
25 | nodeny ${HOME}/.gimp* | 25 | noblacklist ${HOME}/.gimp* |
26 | nodeny ${DOCUMENTS} | 26 | noblacklist ${DOCUMENTS} |
27 | nodeny ${PICTURES} | 27 | noblacklist ${PICTURES} |
28 | 28 | ||
29 | include disable-common.inc | 29 | include disable-common.inc |
30 | include disable-exec.inc | 30 | include disable-exec.inc |
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc | |||
33 | include disable-programs.inc | 33 | include disable-programs.inc |
34 | include disable-xdg.inc | 34 | include disable-xdg.inc |
35 | 35 | ||
36 | allow /usr/share/gegl-0.4 | 36 | whitelist /usr/share/gegl-0.4 |
37 | allow /usr/share/gimp | 37 | whitelist /usr/share/gimp |
38 | allow /usr/share/mypaint-data | 38 | whitelist /usr/share/mypaint-data |
39 | allow /usr/share/lensfun | 39 | whitelist /usr/share/lensfun |
40 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
41 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
42 | 42 | ||
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index e601d3ab0..661c3a375 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile | |||
@@ -7,10 +7,10 @@ include gist.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | nodeny ${HOME}/.gist | 13 | noblacklist ${HOME}/.gist |
14 | 14 | ||
15 | # Allow ruby (blacklisted by disable-interpreters.inc) | 15 | # Allow ruby (blacklisted by disable-interpreters.inc) |
16 | include allow-ruby.inc | 16 | include allow-ruby.inc |
@@ -24,8 +24,8 @@ include disable-programs.inc | |||
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | mkdir ${HOME}/.gist | 26 | mkdir ${HOME}/.gist |
27 | allow ${HOME}/.gist | 27 | whitelist ${HOME}/.gist |
28 | allow ${DOWNLOADS} | 28 | whitelist ${DOWNLOADS} |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 74b7506cf..5e4249376 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile | |||
@@ -8,12 +8,12 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.gitconfig | 11 | noblacklist ${HOME}/.gitconfig |
12 | nodeny ${HOME}/.git-credentials | 12 | noblacklist ${HOME}/.git-credentials |
13 | nodeny ${HOME}/.gnupg | 13 | noblacklist ${HOME}/.gnupg |
14 | nodeny ${HOME}/.subversion | 14 | noblacklist ${HOME}/.subversion |
15 | nodeny ${HOME}/.config/git | 15 | noblacklist ${HOME}/.config/git |
16 | nodeny ${HOME}/.config/git-cola | 16 | noblacklist ${HOME}/.config/git-cola |
17 | # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings. | 17 | # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings. |
18 | #noblacklist ${HOME}/ | 18 | #noblacklist ${HOME}/ |
19 | 19 | ||
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc | |||
32 | include disable-programs.inc | 32 | include disable-programs.inc |
33 | include disable-xdg.inc | 33 | include disable-xdg.inc |
34 | 34 | ||
35 | allow ${RUNUSER}/gnupg | 35 | whitelist ${RUNUSER}/gnupg |
36 | allow ${RUNUSER}/keyring | 36 | whitelist ${RUNUSER}/keyring |
37 | # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer. | 37 | # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer. |
38 | allow /usr/share/git | 38 | whitelist /usr/share/git |
39 | allow /usr/share/git-cola | 39 | whitelist /usr/share/git-cola |
40 | allow /usr/share/git-core | 40 | whitelist /usr/share/git-core |
41 | allow /usr/share/git-gui | 41 | whitelist /usr/share/git-gui |
42 | allow /usr/share/gitk | 42 | whitelist /usr/share/gitk |
43 | allow /usr/share/gitweb | 43 | whitelist /usr/share/gitweb |
44 | allow /usr/share/gnupg | 44 | whitelist /usr/share/gnupg |
45 | allow /usr/share/gnupg2 | 45 | whitelist /usr/share/gnupg2 |
46 | include whitelist-runuser-common.inc | 46 | include whitelist-runuser-common.inc |
47 | include whitelist-usr-share-common.inc | 47 | include whitelist-usr-share-common.inc |
48 | include whitelist-var-common.inc | 48 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile index 680e91085..bfa0081c6 100644 --- a/etc/profile-a-l/git.profile +++ b/etc/profile-a-l/git.profile | |||
@@ -7,33 +7,33 @@ include git.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/git | 10 | noblacklist ${HOME}/.config/git |
11 | nodeny ${HOME}/.config/nano | 11 | noblacklist ${HOME}/.config/nano |
12 | nodeny ${HOME}/.emacs | 12 | noblacklist ${HOME}/.emacs |
13 | nodeny ${HOME}/.emacs.d | 13 | noblacklist ${HOME}/.emacs.d |
14 | nodeny ${HOME}/.gitconfig | 14 | noblacklist ${HOME}/.gitconfig |
15 | nodeny ${HOME}/.git-credentials | 15 | noblacklist ${HOME}/.git-credentials |
16 | nodeny ${HOME}/.gnupg | 16 | noblacklist ${HOME}/.gnupg |
17 | nodeny ${HOME}/.nanorc | 17 | noblacklist ${HOME}/.nanorc |
18 | nodeny ${HOME}/.vim | 18 | noblacklist ${HOME}/.vim |
19 | nodeny ${HOME}/.viminfo | 19 | noblacklist ${HOME}/.viminfo |
20 | 20 | ||
21 | # Allow ssh (blacklisted by disable-common.inc) | 21 | # Allow ssh (blacklisted by disable-common.inc) |
22 | include allow-ssh.inc | 22 | include allow-ssh.inc |
23 | 23 | ||
24 | deny /tmp/.X11-unix | 24 | blacklist /tmp/.X11-unix |
25 | deny ${RUNUSER}/wayland-* | 25 | blacklist ${RUNUSER}/wayland-* |
26 | 26 | ||
27 | include disable-common.inc | 27 | include disable-common.inc |
28 | include disable-exec.inc | 28 | include disable-exec.inc |
29 | include disable-passwdmgr.inc | 29 | include disable-passwdmgr.inc |
30 | include disable-programs.inc | 30 | include disable-programs.inc |
31 | 31 | ||
32 | allow /usr/share/git | 32 | whitelist /usr/share/git |
33 | allow /usr/share/git-core | 33 | whitelist /usr/share/git-core |
34 | allow /usr/share/gitgui | 34 | whitelist /usr/share/gitgui |
35 | allow /usr/share/gitweb | 35 | whitelist /usr/share/gitweb |
36 | allow /usr/share/nano | 36 | whitelist /usr/share/nano |
37 | include whitelist-usr-share-common.inc | 37 | include whitelist-usr-share-common.inc |
38 | include whitelist-var-common.inc | 38 | include whitelist-var-common.inc |
39 | 39 | ||
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile index d313b5022..05d7dffa9 100644 --- a/etc/profile-a-l/gitg.profile +++ b/etc/profile-a-l/gitg.profile | |||
@@ -6,10 +6,10 @@ include gitg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/git | 9 | noblacklist ${HOME}/.config/git |
10 | nodeny ${HOME}/.gitconfig | 10 | noblacklist ${HOME}/.gitconfig |
11 | nodeny ${HOME}/.git-credentials | 11 | noblacklist ${HOME}/.git-credentials |
12 | nodeny ${HOME}/.local/share/gitg | 12 | noblacklist ${HOME}/.local/share/gitg |
13 | 13 | ||
14 | # Allow ssh (blacklisted by disable-common.inc) | 14 | # Allow ssh (blacklisted by disable-common.inc) |
15 | include allow-ssh.inc | 15 | include allow-ssh.inc |
@@ -29,7 +29,7 @@ include disable-programs.inc | |||
29 | #whitelist ${HOME}/.ssh | 29 | #whitelist ${HOME}/.ssh |
30 | #include whitelist-common.inc | 30 | #include whitelist-common.inc |
31 | 31 | ||
32 | allow /usr/share/gitg | 32 | whitelist /usr/share/gitg |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/github-desktop.profile b/etc/profile-a-l/github-desktop.profile index 81b534a74..325c54ced 100644 --- a/etc/profile-a-l/github-desktop.profile +++ b/etc/profile-a-l/github-desktop.profile | |||
@@ -22,10 +22,10 @@ ignore apparmor | |||
22 | ignore dbus-user none | 22 | ignore dbus-user none |
23 | ignore dbus-system none | 23 | ignore dbus-system none |
24 | 24 | ||
25 | nodeny ${HOME}/.config/GitHub Desktop | 25 | noblacklist ${HOME}/.config/GitHub Desktop |
26 | nodeny ${HOME}/.config/git | 26 | noblacklist ${HOME}/.config/git |
27 | nodeny ${HOME}/.gitconfig | 27 | noblacklist ${HOME}/.gitconfig |
28 | nodeny ${HOME}/.git-credentials | 28 | noblacklist ${HOME}/.git-credentials |
29 | 29 | ||
30 | # no3d | 30 | # no3d |
31 | nosound | 31 | nosound |
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index 2d1694ef7..460e2b990 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile | |||
@@ -5,8 +5,8 @@ include gitter.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/autostart | 8 | noblacklist ${HOME}/.config/autostart |
9 | nodeny ${HOME}/.config/Gitter | 9 | noblacklist ${HOME}/.config/Gitter |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/Gitter | 18 | mkdir ${HOME}/.config/Gitter |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | allow ${HOME}/.config/autostart | 20 | whitelist ${HOME}/.config/autostart |
21 | allow ${HOME}/.config/Gitter | 21 | whitelist ${HOME}/.config/Gitter |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile index e00bb1dbf..ed68b3c2d 100644 --- a/etc/profile-a-l/gjs.profile +++ b/etc/profile-a-l/gjs.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/libgweather | 11 | noblacklist ${HOME}/.cache/libgweather |
12 | nodeny ${HOME}/.cache/org.gnome.Books | 12 | noblacklist ${HOME}/.cache/org.gnome.Books |
13 | nodeny ${HOME}/.config/libreoffice | 13 | noblacklist ${HOME}/.config/libreoffice |
14 | nodeny ${HOME}/.local/share/gnome-photos | 14 | noblacklist ${HOME}/.local/share/gnome-photos |
15 | 15 | ||
16 | # Allow gjs (blacklisted by disable-interpreters.inc) | 16 | # Allow gjs (blacklisted by disable-interpreters.inc) |
17 | include allow-gjs.inc | 17 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile index a3236c2be..c8cefc67e 100644 --- a/etc/profile-a-l/gl-117.profile +++ b/etc/profile-a-l/gl-117.profile | |||
@@ -6,7 +6,7 @@ include gl-117.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gl-117 | 9 | noblacklist ${HOME}/.gl-117 |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.gl-117 | 20 | mkdir ${HOME}/.gl-117 |
21 | allow ${HOME}/.gl-117 | 21 | whitelist ${HOME}/.gl-117 |
22 | allow /usr/share/gl-117 | 22 | whitelist /usr/share/gl-117 |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile index ec894a5f3..ee7af0546 100644 --- a/etc/profile-a-l/glaxium.profile +++ b/etc/profile-a-l/glaxium.profile | |||
@@ -6,7 +6,7 @@ include glaxium.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.glaxiumrc | 9 | noblacklist ${HOME}/.glaxiumrc |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.glaxiumrc | 20 | mkfile ${HOME}/.glaxiumrc |
21 | allow ${HOME}/.glaxiumrc | 21 | whitelist ${HOME}/.glaxiumrc |
22 | allow /usr/share/glaxium | 22 | whitelist /usr/share/glaxium |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile index e091b811f..14b3ef811 100644 --- a/etc/profile-a-l/globaltime.profile +++ b/etc/profile-a-l/globaltime.profile | |||
@@ -5,7 +5,7 @@ include globaltime.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/globaltime | 8 | noblacklist ${HOME}/.config/globaltime |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index 79397d28f..b3aad8b2c 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile | |||
@@ -6,8 +6,8 @@ include gmpc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gmpc | 9 | noblacklist ${HOME}/.config/gmpc |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-programs.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/gmpc | 20 | mkdir ${HOME}/.config/gmpc |
21 | allow ${HOME}/.config/gmpc | 21 | whitelist ${HOME}/.config/gmpc |
22 | allow ${MUSIC} | 22 | whitelist ${MUSIC} |
23 | allow /usr/share/gmpc | 23 | whitelist /usr/share/gmpc |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-2048.profile b/etc/profile-a-l/gnome-2048.profile index c723f6e46..777c81dbe 100644 --- a/etc/profile-a-l/gnome-2048.profile +++ b/etc/profile-a-l/gnome-2048.profile | |||
@@ -6,10 +6,10 @@ include gnome-2048.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-2048 | 9 | noblacklist ${HOME}/.local/share/gnome-2048 |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-2048 | 11 | mkdir ${HOME}/.local/share/gnome-2048 |
12 | allow ${HOME}/.local/share/gnome-2048 | 12 | whitelist ${HOME}/.local/share/gnome-2048 |
13 | 13 | ||
14 | private-bin gnome-2048 | 14 | private-bin gnome-2048 |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile index 2ed5fa76b..34a7f557c 100644 --- a/etc/profile-a-l/gnome-books.profile +++ b/etc/profile-a-l/gnome-books.profile | |||
@@ -7,8 +7,8 @@ include globals.local | |||
7 | 7 | ||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/org.gnome.Books | 10 | noblacklist ${HOME}/.cache/org.gnome.Books |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile index 7dd1c6e22..37ca5aeff 100644 --- a/etc/profile-a-l/gnome-builder.profile +++ b/etc/profile-a-l/gnome-builder.profile | |||
@@ -6,11 +6,11 @@ include gnome-builder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.bash_history | 9 | noblacklist ${HOME}/.bash_history |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/gnome-builder | 11 | noblacklist ${HOME}/.cache/gnome-builder |
12 | nodeny ${HOME}/.config/gnome-builder | 12 | noblacklist ${HOME}/.config/gnome-builder |
13 | nodeny ${HOME}/.local/share/gnome-builder | 13 | noblacklist ${HOME}/.local/share/gnome-builder |
14 | 14 | ||
15 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index d91fbaa4b..03acd66aa 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /usr/share/libgweather | 18 | whitelist /usr/share/libgweather |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile index 806d7e571..741fe9bf7 100644 --- a/etc/profile-a-l/gnome-characters.profile +++ b/etc/profile-a-l/gnome-characters.profile | |||
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | allow /usr/share/org.gnome.Characters | 21 | whitelist /usr/share/org.gnome.Characters |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index 095210565..bd39f625c 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile | |||
@@ -6,8 +6,8 @@ include gnome-chess.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gnome-chess | 9 | noblacklist ${HOME}/.config/gnome-chess |
10 | nodeny ${HOME}/.local/share/gnome-chess | 10 | noblacklist ${HOME}/.local/share/gnome-chess |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | #whitelist ${HOME}/.local/share/gnome-chess | 22 | #whitelist ${HOME}/.local/share/gnome-chess |
23 | #include whitelist-common.inc | 23 | #include whitelist-common.inc |
24 | 24 | ||
25 | allow /usr/share/gnuchess | 25 | whitelist /usr/share/gnuchess |
26 | allow /usr/share/gnome-chess | 26 | whitelist /usr/share/gnome-chess |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index 7e2d458fd..1e7c70b84 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile | |||
@@ -15,8 +15,8 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /usr/share/gnome-clocks | 18 | whitelist /usr/share/gnome-clocks |
19 | allow /usr/share/libgweather | 19 | whitelist /usr/share/libgweather |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile index 7902fa169..dcc6163b6 100644 --- a/etc/profile-a-l/gnome-contacts.profile +++ b/etc/profile-a-l/gnome-contacts.profile | |||
@@ -6,7 +6,7 @@ include gnome-contacts.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile index 0f601149f..29ad67af8 100644 --- a/etc/profile-a-l/gnome-documents.profile +++ b/etc/profile-a-l/gnome-documents.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | nodeny ${HOME}/.config/libreoffice | 11 | noblacklist ${HOME}/.config/libreoffice |
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow gjs (blacklisted by disable-interpreters.inc) | 14 | # Allow gjs (blacklisted by disable-interpreters.inc) |
15 | include allow-gjs.inc | 15 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index 50c3e2c6f..2db956faf 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile | |||
@@ -16,7 +16,7 @@ include disable-shell.inc | |||
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/mesa_shader_cache | 18 | mkdir ${HOME}/.cache/mesa_shader_cache |
19 | allow /usr/share/gnome-hexgl | 19 | whitelist /usr/share/gnome-hexgl |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile index 62a5a34ea..25b4c47de 100644 --- a/etc/profile-a-l/gnome-keyring.profile +++ b/etc/profile-a-l/gnome-keyring.profile | |||
@@ -7,7 +7,7 @@ include gnome-keyring.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,12 +18,12 @@ include disable-programs.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.gnupg | 20 | mkdir ${HOME}/.gnupg |
21 | allow ${HOME}/.gnupg | 21 | whitelist ${HOME}/.gnupg |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | allow ${RUNUSER}/gnupg | 23 | whitelist ${RUNUSER}/gnupg |
24 | allow ${RUNUSER}/keyring | 24 | whitelist ${RUNUSER}/keyring |
25 | allow /usr/share/gnupg | 25 | whitelist /usr/share/gnupg |
26 | allow /usr/share/gnupg2 | 26 | whitelist /usr/share/gnupg2 |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile index ed074f944..c67a5c0da 100644 --- a/etc/profile-a-l/gnome-klotski.profile +++ b/etc/profile-a-l/gnome-klotski.profile | |||
@@ -6,10 +6,10 @@ include gnome-klotski.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-klotski | 9 | noblacklist ${HOME}/.local/share/gnome-klotski |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-klotski | 11 | mkdir ${HOME}/.local/share/gnome-klotski |
12 | allow ${HOME}/.local/share/gnome-klotski | 12 | whitelist ${HOME}/.local/share/gnome-klotski |
13 | 13 | ||
14 | private-bin gnome-klotski | 14 | private-bin gnome-klotski |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 4a03a7ff5..1a7eafeca 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile | |||
@@ -6,8 +6,8 @@ include gnome-latex.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gnome-latex | 9 | noblacklist ${HOME}/.config/gnome-latex |
10 | nodeny ${HOME}/.local/share/gnome-latex | 10 | noblacklist ${HOME}/.local/share/gnome-latex |
11 | 11 | ||
12 | # Allow perl (blacklisted by disable-interpreters.inc) | 12 | # Allow perl (blacklisted by disable-interpreters.inc) |
13 | include allow-perl.inc | 13 | include allow-perl.inc |
@@ -19,8 +19,8 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | allow /usr/share/gnome-latex | 22 | whitelist /usr/share/gnome-latex |
23 | allow /usr/share/texlive | 23 | whitelist /usr/share/texlive |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | # May cause issues. | 26 | # May cause issues. |
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index fcc02dc76..9d2ea7b7b 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /var/log/journal | 18 | whitelist /var/log/journal |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile index e21f03efe..42409dce8 100644 --- a/etc/profile-a-l/gnome-mahjongg.profile +++ b/etc/profile-a-l/gnome-mahjongg.profile | |||
@@ -6,7 +6,7 @@ include gnome-mahjongg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | allow /usr/share/gnome-mahjongg | 9 | whitelist /usr/share/gnome-mahjongg |
10 | 10 | ||
11 | private-bin gnome-mahjongg | 11 | private-bin gnome-mahjongg |
12 | 12 | ||
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index cf4eceee3..23aab343f 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile | |||
@@ -11,14 +11,14 @@ include globals.local | |||
11 | 11 | ||
12 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 12 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
13 | 13 | ||
14 | nodeny ${HOME}/.cache/champlain | 14 | noblacklist ${HOME}/.cache/champlain |
15 | nodeny ${HOME}/.cache/org.gnome.Maps | 15 | noblacklist ${HOME}/.cache/org.gnome.Maps |
16 | nodeny ${HOME}/.local/share/maps-places.json | 16 | noblacklist ${HOME}/.local/share/maps-places.json |
17 | 17 | ||
18 | # Allow gjs (blacklisted by disable-interpreters.inc) | 18 | # Allow gjs (blacklisted by disable-interpreters.inc) |
19 | include allow-gjs.inc | 19 | include allow-gjs.inc |
20 | 20 | ||
21 | deny /usr/libexec | 21 | blacklist /usr/libexec |
22 | 22 | ||
23 | include disable-common.inc | 23 | include disable-common.inc |
24 | include disable-devel.inc | 24 | include disable-devel.inc |
@@ -31,12 +31,12 @@ include disable-xdg.inc | |||
31 | 31 | ||
32 | mkdir ${HOME}/.cache/champlain | 32 | mkdir ${HOME}/.cache/champlain |
33 | mkfile ${HOME}/.local/share/maps-places.json | 33 | mkfile ${HOME}/.local/share/maps-places.json |
34 | allow ${HOME}/.cache/champlain | 34 | whitelist ${HOME}/.cache/champlain |
35 | allow ${HOME}/.local/share/maps-places.json | 35 | whitelist ${HOME}/.local/share/maps-places.json |
36 | allow ${DOWNLOADS} | 36 | whitelist ${DOWNLOADS} |
37 | allow ${PICTURES} | 37 | whitelist ${PICTURES} |
38 | allow /usr/share/gnome-maps | 38 | whitelist /usr/share/gnome-maps |
39 | allow /usr/share/libgweather | 39 | whitelist /usr/share/libgweather |
40 | include whitelist-common.inc | 40 | include whitelist-common.inc |
41 | include whitelist-runuser-common.inc | 41 | include whitelist-runuser-common.inc |
42 | include whitelist-usr-share-common.inc | 42 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile index 1b2949bc5..4fe8986c2 100644 --- a/etc/profile-a-l/gnome-mines.profile +++ b/etc/profile-a-l/gnome-mines.profile | |||
@@ -6,11 +6,11 @@ include gnome-mines.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-mines | 9 | noblacklist ${HOME}/.local/share/gnome-mines |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-mines | 11 | mkdir ${HOME}/.local/share/gnome-mines |
12 | allow ${HOME}/.local/share/gnome-mines | 12 | whitelist ${HOME}/.local/share/gnome-mines |
13 | allow /usr/share/gnome-mines | 13 | whitelist /usr/share/gnome-mines |
14 | 14 | ||
15 | private-bin gnome-mines | 15 | private-bin gnome-mines |
16 | 16 | ||
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile index c1cbc796a..43fe71f5e 100644 --- a/etc/profile-a-l/gnome-mplayer.profile +++ b/etc/profile-a-l/gnome-mplayer.profile | |||
@@ -6,9 +6,9 @@ include gnome-mplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gnome-mplayer | 9 | noblacklist ${HOME}/.config/gnome-mplayer |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | nodeny ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index 8fd0826c4..2fcbe9910 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile | |||
@@ -6,8 +6,8 @@ include gnome-music.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-music | 9 | noblacklist ${HOME}/.local/share/gnome-music |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile index a929582f8..814751db3 100644 --- a/etc/profile-a-l/gnome-nettool.profile +++ b/etc/profile-a-l/gnome-nettool.profile | |||
@@ -14,7 +14,7 @@ include disable-passwdmgr.inc | |||
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | include disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | allow /usr/share/gnome-nettool | 17 | whitelist /usr/share/gnome-nettool |
18 | #include whitelist-common.inc -- see #903 | 18 | #include whitelist-common.inc -- see #903 |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile index d4c037a41..b22810d34 100644 --- a/etc/profile-a-l/gnome-nibbles.profile +++ b/etc/profile-a-l/gnome-nibbles.profile | |||
@@ -9,11 +9,11 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | nodeny ${HOME}/.local/share/gnome-nibbles | 12 | noblacklist ${HOME}/.local/share/gnome-nibbles |
13 | 13 | ||
14 | mkdir ${HOME}/.local/share/gnome-nibbles | 14 | mkdir ${HOME}/.local/share/gnome-nibbles |
15 | allow ${HOME}/.local/share/gnome-nibbles | 15 | whitelist ${HOME}/.local/share/gnome-nibbles |
16 | allow /usr/share/gnome-nibbles | 16 | whitelist /usr/share/gnome-nibbles |
17 | 17 | ||
18 | private-bin gnome-nibbles | 18 | private-bin gnome-nibbles |
19 | 19 | ||
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index d2cf828cc..fee5f88b9 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile | |||
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny ${HOME}/*.kdb | 10 | noblacklist ${HOME}/*.kdb |
11 | nodeny ${HOME}/*.kdbx | 11 | noblacklist ${HOME}/*.kdbx |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python3.inc | 14 | include allow-python3.inc |
15 | 15 | ||
16 | deny /usr/libexec | 16 | blacklist /usr/libexec |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -24,8 +24,8 @@ include disable-programs.inc | |||
24 | include disable-shell.inc | 24 | include disable-shell.inc |
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | allow /usr/share/cracklib | 27 | whitelist /usr/share/cracklib |
28 | allow /usr/share/passwordsafe | 28 | whitelist /usr/share/passwordsafe |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile index 3702da2c7..58bf3f349 100644 --- a/etc/profile-a-l/gnome-photos.profile +++ b/etc/profile-a-l/gnome-photos.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | nodeny ${HOME}/.local/share/gnome-photos | 11 | noblacklist ${HOME}/.local/share/gnome-photos |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index e9ae2bcb0..41903b136 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile | |||
@@ -6,7 +6,7 @@ include gnome-pie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gnome-pie | 9 | noblacklist ${HOME}/.config/gnome-pie |
10 | 10 | ||
11 | #include disable-common.inc | 11 | #include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index bec23910c..c2ba7556d 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile | |||
@@ -6,7 +6,7 @@ include gnome-pomodoro.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-pomodoro | 9 | noblacklist ${HOME}/.local/share/gnome-pomodoro |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.local/share/gnome-pomodoro | 19 | mkdir ${HOME}/.local/share/gnome-pomodoro |
20 | allow ${HOME}/.local/share/gnome-pomodoro | 20 | whitelist ${HOME}/.local/share/gnome-pomodoro |
21 | allow /usr/share/gnome-pomodoro | 21 | whitelist /usr/share/gnome-pomodoro |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 5ef33fdd8..48c98ebe0 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile | |||
@@ -7,8 +7,8 @@ include gnome-recipes.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | nodeny ${HOME}/.cache/gnome-recipes | 10 | noblacklist ${HOME}/.cache/gnome-recipes |
11 | nodeny ${HOME}/.local/share/gnome-recipes | 11 | noblacklist ${HOME}/.local/share/gnome-recipes |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-shell.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/gnome-recipes | 21 | mkdir ${HOME}/.cache/gnome-recipes |
22 | mkdir ${HOME}/.local/share/gnome-recipes | 22 | mkdir ${HOME}/.local/share/gnome-recipes |
23 | allow ${HOME}/.cache/gnome-recipes | 23 | whitelist ${HOME}/.cache/gnome-recipes |
24 | allow ${HOME}/.local/share/gnome-recipes | 24 | whitelist ${HOME}/.local/share/gnome-recipes |
25 | allow /usr/share/gnome-recipes | 25 | whitelist /usr/share/gnome-recipes |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile index b34d264f4..78ceb9c4f 100644 --- a/etc/profile-a-l/gnome-ring.profile +++ b/etc/profile-a-l/gnome-ring.profile | |||
@@ -5,7 +5,7 @@ include gnome-ring.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.local/share/gnome-ring | 8 | noblacklist ${HOME}/.local/share/gnome-ring |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile index 836d4e2b2..8835f2b93 100644 --- a/etc/profile-a-l/gnome-robots.profile +++ b/etc/profile-a-l/gnome-robots.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | allow /usr/share/gnome-robots | 12 | whitelist /usr/share/gnome-robots |
13 | 13 | ||
14 | private-bin gnome-robots | 14 | private-bin gnome-robots |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile index 146f8bc4e..69c90b33d 100644 --- a/etc/profile-a-l/gnome-schedule.profile +++ b/etc/profile-a-l/gnome-schedule.profile | |||
@@ -6,17 +6,17 @@ include gnome-schedule.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gnome/gnome-schedule | 9 | noblacklist ${HOME}/.gnome/gnome-schedule |
10 | 10 | ||
11 | # Needs at and crontab to read/write user cron | 11 | # Needs at and crontab to read/write user cron |
12 | nodeny ${PATH}/at | 12 | noblacklist ${PATH}/at |
13 | nodeny ${PATH}/crontab | 13 | noblacklist ${PATH}/crontab |
14 | 14 | ||
15 | # Needs access to these files/dirs | 15 | # Needs access to these files/dirs |
16 | nodeny /etc/cron.allow | 16 | noblacklist /etc/cron.allow |
17 | nodeny /etc/cron.deny | 17 | noblacklist /etc/cron.deny |
18 | nodeny /etc/shadow | 18 | noblacklist /etc/shadow |
19 | nodeny /var/spool/cron | 19 | noblacklist /var/spool/cron |
20 | 20 | ||
21 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) | 21 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) |
22 | # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality | 22 | # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality |
@@ -34,10 +34,10 @@ include disable-programs.inc | |||
34 | include disable-xdg.inc | 34 | include disable-xdg.inc |
35 | 35 | ||
36 | mkfile ${HOME}/.gnome/gnome-schedule | 36 | mkfile ${HOME}/.gnome/gnome-schedule |
37 | allow ${HOME}/.gnome/gnome-schedule | 37 | whitelist ${HOME}/.gnome/gnome-schedule |
38 | allow /usr/share/gnome-schedule | 38 | whitelist /usr/share/gnome-schedule |
39 | allow /var/spool/atd | 39 | whitelist /var/spool/atd |
40 | allow /var/spool/cron | 40 | whitelist /var/spool/cron |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index 175549e99..b683b6f6c 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile | |||
@@ -6,8 +6,8 @@ include gnome-screenshot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | nodeny ${HOME}/.cache/gnome-screenshot | 10 | noblacklist ${HOME}/.cache/gnome-screenshot |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index c2fb14fa4..34f5fdeff 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile | |||
@@ -6,8 +6,8 @@ include gnome-sound-recorder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | nodeny ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
11 | 11 | ||
12 | # Allow gjs (blacklisted by disable-interpreters.inc) | 12 | # Allow gjs (blacklisted by disable-interpreters.inc) |
13 | include allow-gjs.inc | 13 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile index 3b7835e52..12fd48a86 100644 --- a/etc/profile-a-l/gnome-sudoku.profile +++ b/etc/profile-a-l/gnome-sudoku.profile | |||
@@ -6,10 +6,10 @@ include gnome-sudoku.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-sudoku | 9 | noblacklist ${HOME}/.local/share/gnome-sudoku |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-sudoku | 11 | mkdir ${HOME}/.local/share/gnome-sudoku |
12 | allow ${HOME}/.local/share/gnome-sudoku | 12 | whitelist ${HOME}/.local/share/gnome-sudoku |
13 | 13 | ||
14 | private-bin gnome-sudoku | 14 | private-bin gnome-sudoku |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index 6978f7cab..8a818695d 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /var/log | 18 | whitelist /var/log |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile index ac87cf70f..2341334f7 100644 --- a/etc/profile-a-l/gnome-taquin.profile +++ b/etc/profile-a-l/gnome-taquin.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | allow /usr/share/gnome-taquin | 12 | whitelist /usr/share/gnome-taquin |
13 | 13 | ||
14 | private-bin gnome-taquin | 14 | private-bin gnome-taquin |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 092fd58a3..3b147cd48 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile | |||
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | allow /usr/share/gnome-todo | 21 | whitelist /usr/share/gnome-todo |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile index d76872ea6..b8ec195d3 100644 --- a/etc/profile-a-l/gnome-twitch.profile +++ b/etc/profile-a-l/gnome-twitch.profile | |||
@@ -6,8 +6,8 @@ include gnome-twitch.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/gnome-twitch | 9 | noblacklist ${HOME}/.cache/gnome-twitch |
10 | nodeny ${HOME}/.local/share/gnome-twitch | 10 | noblacklist ${HOME}/.local/share/gnome-twitch |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/gnome-twitch | 19 | mkdir ${HOME}/.cache/gnome-twitch |
20 | mkdir ${HOME}/.local/share/gnome-twitch | 20 | mkdir ${HOME}/.local/share/gnome-twitch |
21 | allow ${HOME}/.cache/gnome-twitch | 21 | whitelist ${HOME}/.cache/gnome-twitch |
22 | allow ${HOME}/.local/share/gnome-twitch | 22 | whitelist ${HOME}/.local/share/gnome-twitch |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile index 6f557ff8d..2e08fa41d 100644 --- a/etc/profile-a-l/gnome-weather.profile +++ b/etc/profile-a-l/gnome-weather.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/libgweather | 11 | noblacklist ${HOME}/.cache/libgweather |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index 261efefac..c3014a288 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile | |||
@@ -6,8 +6,8 @@ include gnote.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gnote | 9 | noblacklist ${HOME}/.config/gnote |
10 | nodeny ${HOME}/.local/share/gnote | 10 | noblacklist ${HOME}/.local/share/gnote |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.config/gnote | 21 | mkdir ${HOME}/.config/gnote |
22 | mkdir ${HOME}/.local/share/gnote | 22 | mkdir ${HOME}/.local/share/gnote |
23 | allow ${HOME}/.config/gnote | 23 | whitelist ${HOME}/.config/gnote |
24 | allow ${HOME}/.local/share/gnote | 24 | whitelist ${HOME}/.local/share/gnote |
25 | allow /usr/share/gnote | 25 | whitelist /usr/share/gnote |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index e6fbca26f..22851ce9f 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /usr/share/gnubik | 18 | whitelist /usr/share/gnubik |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index f35a53ca4..09ca17caa 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile | |||
@@ -6,9 +6,9 @@ include godot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/godot | 9 | noblacklist ${HOME}/.cache/godot |
10 | nodeny ${HOME}/.config/godot | 10 | noblacklist ${HOME}/.config/godot |
11 | nodeny ${HOME}/.local/share/godot | 11 | noblacklist ${HOME}/.local/share/godot |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile index 95dd41c2a..8399d77c4 100644 --- a/etc/profile-a-l/goobox.profile +++ b/etc/profile-a-l/goobox.profile | |||
@@ -6,7 +6,7 @@ include goobox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/google-chrome-beta.profile b/etc/profile-a-l/google-chrome-beta.profile index 07f0e587d..ebe5e870b 100644 --- a/etc/profile-a-l/google-chrome-beta.profile +++ b/etc/profile-a-l/google-chrome-beta.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/google-chrome-beta | 13 | noblacklist ${HOME}/.cache/google-chrome-beta |
14 | nodeny ${HOME}/.config/google-chrome-beta | 14 | noblacklist ${HOME}/.config/google-chrome-beta |
15 | 15 | ||
16 | nodeny ${HOME}/.config/chrome-beta-flags.conf | 16 | noblacklist ${HOME}/.config/chrome-beta-flags.conf |
17 | nodeny ${HOME}/.config/chrome-beta-flags.config | 17 | noblacklist ${HOME}/.config/chrome-beta-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome-beta | 19 | mkdir ${HOME}/.cache/google-chrome-beta |
20 | mkdir ${HOME}/.config/google-chrome-beta | 20 | mkdir ${HOME}/.config/google-chrome-beta |
21 | allow ${HOME}/.cache/google-chrome-beta | 21 | whitelist ${HOME}/.cache/google-chrome-beta |
22 | allow ${HOME}/.config/google-chrome-beta | 22 | whitelist ${HOME}/.config/google-chrome-beta |
23 | 23 | ||
24 | allow ${HOME}/.config/chrome-beta-flags.conf | 24 | whitelist ${HOME}/.config/chrome-beta-flags.conf |
25 | allow ${HOME}/.config/chrome-beta-flags.config | 25 | whitelist ${HOME}/.config/chrome-beta-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-chrome-unstable.profile b/etc/profile-a-l/google-chrome-unstable.profile index 229904411..4d303f71b 100644 --- a/etc/profile-a-l/google-chrome-unstable.profile +++ b/etc/profile-a-l/google-chrome-unstable.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/google-chrome-unstable | 13 | noblacklist ${HOME}/.cache/google-chrome-unstable |
14 | nodeny ${HOME}/.config/google-chrome-unstable | 14 | noblacklist ${HOME}/.config/google-chrome-unstable |
15 | 15 | ||
16 | nodeny ${HOME}/.config/chrome-unstable-flags.conf | 16 | noblacklist ${HOME}/.config/chrome-unstable-flags.conf |
17 | nodeny ${HOME}/.config/chrome-unstable-flags.config | 17 | noblacklist ${HOME}/.config/chrome-unstable-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome-unstable | 19 | mkdir ${HOME}/.cache/google-chrome-unstable |
20 | mkdir ${HOME}/.config/google-chrome-unstable | 20 | mkdir ${HOME}/.config/google-chrome-unstable |
21 | allow ${HOME}/.cache/google-chrome-unstable | 21 | whitelist ${HOME}/.cache/google-chrome-unstable |
22 | allow ${HOME}/.config/google-chrome-unstable | 22 | whitelist ${HOME}/.config/google-chrome-unstable |
23 | 23 | ||
24 | allow ${HOME}/.config/chrome-unstable-flags.conf | 24 | whitelist ${HOME}/.config/chrome-unstable-flags.conf |
25 | allow ${HOME}/.config/chrome-unstable-flags.config | 25 | whitelist ${HOME}/.config/chrome-unstable-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-chrome.profile b/etc/profile-a-l/google-chrome.profile index f61642f17..ed2595f72 100644 --- a/etc/profile-a-l/google-chrome.profile +++ b/etc/profile-a-l/google-chrome.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/google-chrome | 13 | noblacklist ${HOME}/.cache/google-chrome |
14 | nodeny ${HOME}/.config/google-chrome | 14 | noblacklist ${HOME}/.config/google-chrome |
15 | 15 | ||
16 | nodeny ${HOME}/.config/chrome-flags.conf | 16 | noblacklist ${HOME}/.config/chrome-flags.conf |
17 | nodeny ${HOME}/.config/chrome-flags.config | 17 | noblacklist ${HOME}/.config/chrome-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome | 19 | mkdir ${HOME}/.cache/google-chrome |
20 | mkdir ${HOME}/.config/google-chrome | 20 | mkdir ${HOME}/.config/google-chrome |
21 | allow ${HOME}/.cache/google-chrome | 21 | whitelist ${HOME}/.cache/google-chrome |
22 | allow ${HOME}/.config/google-chrome | 22 | whitelist ${HOME}/.config/google-chrome |
23 | 23 | ||
24 | allow ${HOME}/.config/chrome-flags.conf | 24 | whitelist ${HOME}/.config/chrome-flags.conf |
25 | allow ${HOME}/.config/chrome-flags.config | 25 | whitelist ${HOME}/.config/chrome-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile index 6039f7cbd..65ac04771 100644 --- a/etc/profile-a-l/google-earth.profile +++ b/etc/profile-a-l/google-earth.profile | |||
@@ -5,8 +5,8 @@ include google-earth.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/Google | 8 | noblacklist ${HOME}/.config/Google |
9 | nodeny ${HOME}/.googleearth | 9 | noblacklist ${HOME}/.googleearth |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | mkdir ${HOME}/.config/Google | 18 | mkdir ${HOME}/.config/Google |
19 | mkdir ${HOME}/.googleearth | 19 | mkdir ${HOME}/.googleearth |
20 | allow ${HOME}/.config/Google | 20 | whitelist ${HOME}/.config/Google |
21 | allow ${HOME}/.googleearth | 21 | whitelist ${HOME}/.googleearth |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile index fdb65b93c..a7aabe105 100644 --- a/etc/profile-a-l/google-play-music-desktop-player.profile +++ b/etc/profile-a-l/google-play-music-desktop-player.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | # noexec /tmp breaks mpris support | 8 | # noexec /tmp breaks mpris support |
9 | ignore noexec /tmp | 9 | ignore noexec /tmp |
10 | 10 | ||
11 | nodeny ${HOME}/.config/Google Play Music Desktop Player | 11 | noblacklist ${HOME}/.config/Google Play Music Desktop Player |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | mkdir ${HOME}/.config/Google Play Music Desktop Player | 20 | mkdir ${HOME}/.config/Google Play Music Desktop Player |
21 | # whitelist ${HOME}/.config/pulse | 21 | # whitelist ${HOME}/.config/pulse |
22 | # whitelist ${HOME}/.pulse | 22 | # whitelist ${HOME}/.pulse |
23 | allow ${HOME}/.config/Google Play Music Desktop Player | 23 | whitelist ${HOME}/.config/Google Play Music Desktop Player |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index 952c9c1d4..2d0bce52b 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile | |||
@@ -7,10 +7,10 @@ include googler-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER} | 11 | blacklist ${RUNUSER} |
12 | 12 | ||
13 | nodeny ${HOME}/.w3m | 13 | noblacklist ${HOME}/.w3m |
14 | 14 | ||
15 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 15 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
16 | include allow-bin-sh.inc | 16 | include allow-bin-sh.inc |
@@ -26,7 +26,7 @@ include disable-programs.inc | |||
26 | include disable-shell.inc | 26 | include disable-shell.inc |
27 | include disable-xdg.inc | 27 | include disable-xdg.inc |
28 | 28 | ||
29 | allow ${HOME}/.w3m | 29 | whitelist ${HOME}/.w3m |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile index 9b8da361b..37b4f0b1c 100644 --- a/etc/profile-a-l/gpa.profile +++ b/etc/profile-a-l/gpa.profile | |||
@@ -6,7 +6,7 @@ include gpa.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile index 5fa66bb55..7f0b614b1 100644 --- a/etc/profile-a-l/gpg-agent.profile +++ b/etc/profile-a-l/gpg-agent.profile | |||
@@ -7,10 +7,10 @@ include gpg-agent.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | 11 | ||
12 | deny /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | deny ${RUNUSER}/wayland-* | 13 | blacklist ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -20,11 +20,11 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.gnupg | 22 | mkdir ${HOME}/.gnupg |
23 | allow ${HOME}/.gnupg | 23 | whitelist ${HOME}/.gnupg |
24 | allow ${RUNUSER}/gnupg | 24 | whitelist ${RUNUSER}/gnupg |
25 | allow ${RUNUSER}/keyring | 25 | whitelist ${RUNUSER}/keyring |
26 | allow /usr/share/gnupg | 26 | whitelist /usr/share/gnupg |
27 | allow /usr/share/gnupg2 | 27 | whitelist /usr/share/gnupg2 |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile index 2ad896abe..4a4d6527c 100644 --- a/etc/profile-a-l/gpg.profile +++ b/etc/profile-a-l/gpg.profile | |||
@@ -7,10 +7,10 @@ include gpg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | 11 | ||
12 | deny /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | deny ${RUNUSER}/wayland-* | 13 | blacklist ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -18,11 +18,11 @@ include disable-interpreters.inc | |||
18 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | allow ${RUNUSER}/gnupg | 21 | whitelist ${RUNUSER}/gnupg |
22 | allow ${RUNUSER}/keyring | 22 | whitelist ${RUNUSER}/keyring |
23 | allow /usr/share/gnupg | 23 | whitelist /usr/share/gnupg |
24 | allow /usr/share/gnupg2 | 24 | whitelist /usr/share/gnupg2 |
25 | allow /usr/share/pacman/keyrings | 25 | whitelist /usr/share/pacman/keyrings |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index 0552dc3d7..fa53c26c8 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile | |||
@@ -6,7 +6,7 @@ include gpicview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gpicview | 9 | noblacklist ${HOME}/.config/gpicview |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | allow /usr/share/gpicview | 19 | whitelist /usr/share/gpicview |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index c9e62a73f..253d644f1 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile | |||
@@ -6,7 +6,7 @@ include gpredict.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Gpredict | 9 | noblacklist ${HOME}/.config/Gpredict |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.config/Gpredict | 19 | mkdir ${HOME}/.config/Gpredict |
20 | allow ${HOME}/.config/Gpredict | 20 | whitelist ${HOME}/.config/Gpredict |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index 2aebe2338..2b4c536d2 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile | |||
@@ -5,8 +5,8 @@ include gradio.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/gradio | 8 | noblacklist ${HOME}/.cache/gradio |
9 | nodeny ${HOME}/.local/share/gradio | 9 | noblacklist ${HOME}/.local/share/gradio |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-xdg.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/gradio | 19 | mkdir ${HOME}/.cache/gradio |
20 | mkdir ${HOME}/.local/share/gradio | 20 | mkdir ${HOME}/.local/share/gradio |
21 | allow ${HOME}/.cache/gradio | 21 | whitelist ${HOME}/.cache/gradio |
22 | allow ${HOME}/.local/share/gradio | 22 | whitelist ${HOME}/.local/share/gradio |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile index 53f0baccb..c7e0c2977 100644 --- a/etc/profile-a-l/gramps.profile +++ b/etc/profile-a-l/gramps.profile | |||
@@ -6,7 +6,7 @@ include gramps.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gramps | 9 | noblacklist ${HOME}/.gramps |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | #include allow-python2.inc | 12 | #include allow-python2.inc |
@@ -21,7 +21,7 @@ include disable-programs.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.gramps | 23 | mkdir ${HOME}/.gramps |
24 | allow ${HOME}/.gramps | 24 | whitelist ${HOME}/.gramps |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index ecc871c2e..890ba2560 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /usr/share/gravity-beams-and-evaporating-stars | 18 | whitelist /usr/share/gravity-beams-and-evaporating-stars |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile index 9a4f7b4fb..5927e8c4d 100644 --- a/etc/profile-a-l/gthumb.profile +++ b/etc/profile-a-l/gthumb.profile | |||
@@ -6,9 +6,9 @@ include gthumb.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gthumb | 9 | noblacklist ${HOME}/.config/gthumb |
10 | nodeny ${HOME}/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | nodeny ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index d6bb9902a..c8addae75 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile | |||
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile index 8241de43a..787c7bd90 100644 --- a/etc/profile-a-l/gtk2-youtube-viewer.profile +++ b/etc/profile-a-l/gtk2-youtube-viewer.profile | |||
@@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local | |||
8 | 8 | ||
9 | ignore quiet | 9 | ignore quiet |
10 | 10 | ||
11 | nodeny /tmp/.X11-unix | 11 | noblacklist /tmp/.X11-unix |
12 | nodeny ${RUNUSER} | 12 | noblacklist ${RUNUSER} |
13 | 13 | ||
14 | include whitelist-runuser-common.inc | 14 | include whitelist-runuser-common.inc |
15 | 15 | ||
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile index 6ea4ebbdc..988882622 100644 --- a/etc/profile-a-l/gtk3-youtube-viewer.profile +++ b/etc/profile-a-l/gtk3-youtube-viewer.profile | |||
@@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local | |||
8 | 8 | ||
9 | ignore quiet | 9 | ignore quiet |
10 | 10 | ||
11 | nodeny /tmp/.X11-unix | 11 | noblacklist /tmp/.X11-unix |
12 | nodeny ${RUNUSER} | 12 | noblacklist ${RUNUSER} |
13 | 13 | ||
14 | include whitelist-runuser-common.inc | 14 | include whitelist-runuser-common.inc |
15 | 15 | ||
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile index 731bcad1d..3d2b71e9d 100644 --- a/etc/profile-a-l/guayadeque.profile +++ b/etc/profile-a-l/guayadeque.profile | |||
@@ -5,8 +5,8 @@ include guayadeque.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.guayadeque | 8 | noblacklist ${HOME}/.guayadeque |
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile index 5cdc2cc18..2223c37a1 100644 --- a/etc/profile-a-l/gummi.profile +++ b/etc/profile-a-l/gummi.profile | |||
@@ -5,8 +5,8 @@ include gummi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/gummi | 8 | noblacklist ${HOME}/.cache/gummi |
9 | nodeny ${HOME}/.config/gummi | 9 | noblacklist ${HOME}/.config/gummi |
10 | 10 | ||
11 | # Allow lua (blacklisted by disable-interpreters.inc) | 11 | # Allow lua (blacklisted by disable-interpreters.inc) |
12 | include allow-lua.inc | 12 | include allow-lua.inc |
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index 3404f5177..9221ca31c 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile | |||
@@ -6,10 +6,10 @@ include guvcview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/guvcview2 | 9 | noblacklist ${HOME}/.config/guvcview2 |
10 | 10 | ||
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | nodeny ${VIDEOS} | 12 | noblacklist ${VIDEOS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -21,9 +21,9 @@ include disable-shell.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.config/guvcview2 | 23 | mkdir ${HOME}/.config/guvcview2 |
24 | allow ${HOME}/.config/guvcview2 | 24 | whitelist ${HOME}/.config/guvcview2 |
25 | allow ${PICTURES} | 25 | whitelist ${PICTURES} |
26 | allow ${VIDEOS} | 26 | whitelist ${VIDEOS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index 132b5a2e2..d33e2a673 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile | |||
@@ -6,17 +6,17 @@ include gwenview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/GIMP | 9 | noblacklist ${HOME}/.config/GIMP |
10 | nodeny ${HOME}/.config/gwenviewrc | 10 | noblacklist ${HOME}/.config/gwenviewrc |
11 | nodeny ${HOME}/.config/org.kde.gwenviewrc | 11 | noblacklist ${HOME}/.config/org.kde.gwenviewrc |
12 | nodeny ${HOME}/.gimp* | 12 | noblacklist ${HOME}/.gimp* |
13 | nodeny ${HOME}/.kde/share/apps/gwenview | 13 | noblacklist ${HOME}/.kde/share/apps/gwenview |
14 | nodeny ${HOME}/.kde/share/config/gwenviewrc | 14 | noblacklist ${HOME}/.kde/share/config/gwenviewrc |
15 | nodeny ${HOME}/.kde4/share/apps/gwenview | 15 | noblacklist ${HOME}/.kde4/share/apps/gwenview |
16 | nodeny ${HOME}/.kde4/share/config/gwenviewrc | 16 | noblacklist ${HOME}/.kde4/share/config/gwenviewrc |
17 | nodeny ${HOME}/.local/share/gwenview | 17 | noblacklist ${HOME}/.local/share/gwenview |
18 | nodeny ${HOME}/.local/share/kxmlgui5/gwenview | 18 | noblacklist ${HOME}/.local/share/kxmlgui5/gwenview |
19 | nodeny ${HOME}/.local/share/org.kde.gwenview | 19 | noblacklist ${HOME}/.local/share/org.kde.gwenview |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-devel.inc | 22 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile index 46c98bdc2..b261c16f4 100644 --- a/etc/profile-a-l/gzip.profile +++ b/etc/profile-a-l/gzip.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | 9 | ||
10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop | 10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop |
11 | # all capabilities this is automatically read-only. | 11 | # all capabilities this is automatically read-only. |
12 | nodeny /var/lib/pacman | 12 | noblacklist /var/lib/pacman |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include archiver-common.profile | 15 | include archiver-common.profile |
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile index c102ac4cb..847e1ec1e 100644 --- a/etc/profile-a-l/handbrake.profile +++ b/etc/profile-a-l/handbrake.profile | |||
@@ -6,9 +6,9 @@ include handbrake.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/ghb | 9 | noblacklist ${HOME}/.config/ghb |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | nodeny ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile index d98a1b554..aab4b0c21 100644 --- a/etc/profile-a-l/hashcat.profile +++ b/etc/profile-a-l/hashcat.profile | |||
@@ -7,11 +7,11 @@ include hashcat.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | nodeny ${HOME}/.hashcat | 12 | noblacklist ${HOME}/.hashcat |
13 | nodeny /usr/include | 13 | noblacklist /usr/include |
14 | nodeny ${DOCUMENTS} | 14 | noblacklist ${DOCUMENTS} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index 1c2a44e06..44584f26b 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile | |||
@@ -4,7 +4,7 @@ include hasher-common.local | |||
4 | 4 | ||
5 | # common profile for hasher/checksum tools | 5 | # common profile for hasher/checksum tools |
6 | 6 | ||
7 | deny ${RUNUSER} | 7 | blacklist ${RUNUSER} |
8 | 8 | ||
9 | # Comment/uncomment the relevant include file(s) in your hasher-common.local | 9 | # Comment/uncomment the relevant include file(s) in your hasher-common.local |
10 | # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** | 10 | # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** |
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile index 90833af91..c0675d8ec 100644 --- a/etc/profile-a-l/hedgewars.profile +++ b/etc/profile-a-l/hedgewars.profile | |||
@@ -6,7 +6,7 @@ include hedgewars.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.hedgewars | 9 | noblacklist ${HOME}/.hedgewars |
10 | 10 | ||
11 | include allow-lua.inc | 11 | include allow-lua.inc |
12 | 12 | ||
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.hedgewars | 19 | mkdir ${HOME}/.hedgewars |
20 | allow ${HOME}/.hedgewars | 20 | whitelist ${HOME}/.hedgewars |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile index 993efb591..b887de147 100644 --- a/etc/profile-a-l/hexchat.profile +++ b/etc/profile-a-l/hexchat.profile | |||
@@ -6,7 +6,7 @@ include hexchat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/hexchat | 9 | noblacklist ${HOME}/.config/hexchat |
10 | 10 | ||
11 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 11 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
12 | include allow-bin-sh.inc | 12 | include allow-bin-sh.inc |
@@ -28,7 +28,7 @@ include disable-shell.inc | |||
28 | include disable-xdg.inc | 28 | include disable-xdg.inc |
29 | 29 | ||
30 | mkdir ${HOME}/.config/hexchat | 30 | mkdir ${HOME}/.config/hexchat |
31 | allow ${HOME}/.config/hexchat | 31 | whitelist ${HOME}/.config/hexchat |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index 53db642dc..643736ac7 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile | |||
@@ -6,7 +6,7 @@ include highlight.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER} | 9 | blacklist ${RUNUSER} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index ef259cc00..199b1a5e5 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile | |||
@@ -6,7 +6,7 @@ include homebank.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/homebank | 9 | noblacklist ${HOME}/.config/homebank |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/homebank | 20 | mkdir ${HOME}/.config/homebank |
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | allow ${HOME}/.config/homebank | 22 | whitelist ${HOME}/.config/homebank |
23 | allow /usr/share/homebank | 23 | whitelist /usr/share/homebank |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 63e1be259..00d9f7a76 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile | |||
@@ -7,8 +7,8 @@ include host.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | nodeny ${PATH}/host | 11 | noblacklist ${PATH}/host |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile index db5cd29cc..267712c87 100644 --- a/etc/profile-a-l/hugin.profile +++ b/etc/profile-a-l/hugin.profile | |||
@@ -6,9 +6,9 @@ include hugin.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.hugin | 9 | noblacklist ${HOME}/.hugin |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index 1fb33ceb8..e66ffd7e1 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile | |||
@@ -6,7 +6,7 @@ include hyperrogue.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/hyperrogue.ini | 9 | noblacklist ${HOME}/hyperrogue.ini |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/hyperrogue.ini | 20 | mkfile ${HOME}/hyperrogue.ini |
21 | allow ${HOME}/hyperrogue.ini | 21 | whitelist ${HOME}/hyperrogue.ini |
22 | allow /usr/share/hyperrogue | 22 | whitelist /usr/share/hyperrogue |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile index c8a2e8a04..47c984175 100644 --- a/etc/profile-a-l/i2prouter.profile +++ b/etc/profile-a-l/i2prouter.profile | |||
@@ -14,12 +14,12 @@ include globals.local | |||
14 | # Only needed when i2prouter binary resides in home directory (official I2P java installer does so). | 14 | # Only needed when i2prouter binary resides in home directory (official I2P java installer does so). |
15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
16 | 16 | ||
17 | nodeny ${HOME}/.config/i2p | 17 | noblacklist ${HOME}/.config/i2p |
18 | nodeny ${HOME}/.i2p | 18 | noblacklist ${HOME}/.i2p |
19 | nodeny ${HOME}/.local/share/i2p | 19 | noblacklist ${HOME}/.local/share/i2p |
20 | nodeny ${HOME}/i2p | 20 | noblacklist ${HOME}/i2p |
21 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). | 21 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). |
22 | nodeny /usr/sbin | 22 | noblacklist /usr/sbin |
23 | 23 | ||
24 | # Allow java (blacklisted by disable-devel.inc) | 24 | # Allow java (blacklisted by disable-devel.inc) |
25 | include allow-java.inc | 25 | include allow-java.inc |
@@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p | |||
36 | mkdir ${HOME}/.i2p | 36 | mkdir ${HOME}/.i2p |
37 | mkdir ${HOME}/.local/share/i2p | 37 | mkdir ${HOME}/.local/share/i2p |
38 | mkdir ${HOME}/i2p | 38 | mkdir ${HOME}/i2p |
39 | allow ${HOME}/.config/i2p | 39 | whitelist ${HOME}/.config/i2p |
40 | allow ${HOME}/.i2p | 40 | whitelist ${HOME}/.i2p |
41 | allow ${HOME}/.local/share/i2p | 41 | whitelist ${HOME}/.local/share/i2p |
42 | allow ${HOME}/i2p | 42 | whitelist ${HOME}/i2p |
43 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). | 43 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). |
44 | allow /usr/sbin/wrapper* | 44 | whitelist /usr/sbin/wrapper* |
45 | 45 | ||
46 | include whitelist-common.inc | 46 | include whitelist-common.inc |
47 | 47 | ||
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile index 95ddad221..e96b1843c 100644 --- a/etc/profile-a-l/i3.profile +++ b/etc/profile-a-l/i3.profile | |||
@@ -7,7 +7,7 @@ include i3.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in i3 will run in this profile | 9 | # all applications started in i3 will run in this profile |
10 | nodeny ${HOME}/.config/i3 | 10 | noblacklist ${HOME}/.config/i3 |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile index 0de2f658b..660343a29 100644 --- a/etc/profile-a-l/icecat.profile +++ b/etc/profile-a-l/icecat.profile | |||
@@ -5,13 +5,13 @@ include icecat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | nodeny ${HOME}/.mozilla | 9 | noblacklist ${HOME}/.mozilla |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/mozilla/icecat | 11 | mkdir ${HOME}/.cache/mozilla/icecat |
12 | mkdir ${HOME}/.mozilla | 12 | mkdir ${HOME}/.mozilla |
13 | allow ${HOME}/.cache/mozilla/icecat | 13 | whitelist ${HOME}/.cache/mozilla/icecat |
14 | allow ${HOME}/.mozilla | 14 | whitelist ${HOME}/.mozilla |
15 | 15 | ||
16 | # private-etc must first be enabled in firefox-common.profile | 16 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc icecat | 17 | #private-etc icecat |
diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile index 0c22d87d0..19690cd5a 100644 --- a/etc/profile-a-l/icedove.profile +++ b/etc/profile-a-l/icedove.profile | |||
@@ -9,16 +9,16 @@ include icedove.local | |||
9 | # Users have icedove set to open a browser by clicking a link in an email | 9 | # Users have icedove set to open a browser by clicking a link in an email |
10 | # We are not allowed to blacklist browser-specific directories | 10 | # We are not allowed to blacklist browser-specific directories |
11 | 11 | ||
12 | nodeny ${HOME}/.cache/icedove | 12 | noblacklist ${HOME}/.cache/icedove |
13 | nodeny ${HOME}/.gnupg | 13 | noblacklist ${HOME}/.gnupg |
14 | nodeny ${HOME}/.icedove | 14 | noblacklist ${HOME}/.icedove |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/icedove | 16 | mkdir ${HOME}/.cache/icedove |
17 | mkdir ${HOME}/.gnupg | 17 | mkdir ${HOME}/.gnupg |
18 | mkdir ${HOME}/.icedove | 18 | mkdir ${HOME}/.icedove |
19 | allow ${HOME}/.cache/icedove | 19 | whitelist ${HOME}/.cache/icedove |
20 | allow ${HOME}/.gnupg | 20 | whitelist ${HOME}/.gnupg |
21 | allow ${HOME}/.icedove | 21 | whitelist ${HOME}/.icedove |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | ignore private-tmp | 24 | ignore private-tmp |
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile index 180b62ec2..680b8e777 100644 --- a/etc/profile-a-l/idea.sh.profile +++ b/etc/profile-a-l/idea.sh.profile | |||
@@ -5,12 +5,12 @@ include idea.sh.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.IdeaIC* | 8 | noblacklist ${HOME}/.IdeaIC* |
9 | nodeny ${HOME}/.android | 9 | noblacklist ${HOME}/.android |
10 | nodeny ${HOME}/.jack-server | 10 | noblacklist ${HOME}/.jack-server |
11 | nodeny ${HOME}/.jack-settings | 11 | noblacklist ${HOME}/.jack-settings |
12 | nodeny ${HOME}/.local/share/JetBrains | 12 | noblacklist ${HOME}/.local/share/JetBrains |
13 | nodeny ${HOME}/.tooling | 13 | noblacklist ${HOME}/.tooling |
14 | 14 | ||
15 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile index 5d28e7aca..12ce7976b 100644 --- a/etc/profile-a-l/imagej.profile +++ b/etc/profile-a-l/imagej.profile | |||
@@ -6,7 +6,7 @@ include imagej.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.imagej | 9 | noblacklist ${HOME}/.imagej |
10 | 10 | ||
11 | # Allow java (blacklisted by disable-devel.inc) | 11 | # Allow java (blacklisted by disable-devel.inc) |
12 | include allow-java.inc | 12 | include allow-java.inc |
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile index 70d56a7dc..c26958d06 100644 --- a/etc/profile-a-l/img2txt.profile +++ b/etc/profile-a-l/img2txt.profile | |||
@@ -5,10 +5,10 @@ include img2txt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | deny ${RUNUSER}/wayland-* | 8 | blacklist ${RUNUSER}/wayland-* |
9 | 9 | ||
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-passwdmgr.inc | |||
18 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | allow /usr/share/imlib2 | 21 | whitelist /usr/share/imlib2 |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile index 4914cd9d0..c152be01c 100644 --- a/etc/profile-a-l/impressive.profile +++ b/etc/profile-a-l/impressive.profile | |||
@@ -6,9 +6,9 @@ include impressive.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny /sbin | 10 | noblacklist /sbin |
11 | nodeny /usr/sbin | 11 | noblacklist /usr/sbin |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | #include allow-python2.inc | 14 | #include allow-python2.inc |
@@ -23,8 +23,8 @@ include disable-programs.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.cache/mesa_shader_cache | 25 | mkdir ${HOME}/.cache/mesa_shader_cache |
26 | allow /usr/share/opengl-games-utils | 26 | whitelist /usr/share/opengl-games-utils |
27 | allow /usr/share/zenity | 27 | whitelist /usr/share/zenity |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile index 1a949b300..35dd86b32 100644 --- a/etc/profile-a-l/inkscape.profile +++ b/etc/profile-a-l/inkscape.profile | |||
@@ -6,14 +6,14 @@ include inkscape.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/inkscape | 9 | noblacklist ${HOME}/.cache/inkscape |
10 | nodeny ${HOME}/.config/inkscape | 10 | noblacklist ${HOME}/.config/inkscape |
11 | nodeny ${HOME}/.inkscape | 11 | noblacklist ${HOME}/.inkscape |
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | nodeny ${PICTURES} | 13 | noblacklist ${PICTURES} |
14 | # Allow exporting .xcf files | 14 | # Allow exporting .xcf files |
15 | nodeny ${HOME}/.config/GIMP | 15 | noblacklist ${HOME}/.config/GIMP |
16 | nodeny ${HOME}/.gimp* | 16 | noblacklist ${HOME}/.gimp* |
17 | 17 | ||
18 | 18 | ||
19 | # Allow python (blacklisted by disable-interpreters.inc) | 19 | # Allow python (blacklisted by disable-interpreters.inc) |
@@ -28,7 +28,7 @@ include disable-passwdmgr.inc | |||
28 | include disable-programs.inc | 28 | include disable-programs.inc |
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
31 | allow /usr/share/inkscape | 31 | whitelist /usr/share/inkscape |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile index 1591ed7ea..a5cac12f2 100644 --- a/etc/profile-a-l/inox.profile +++ b/etc/profile-a-l/inox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/inox | 13 | noblacklist ${HOME}/.cache/inox |
14 | nodeny ${HOME}/.config/inox | 14 | noblacklist ${HOME}/.config/inox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/inox | 16 | mkdir ${HOME}/.cache/inox |
17 | mkdir ${HOME}/.config/inox | 17 | mkdir ${HOME}/.config/inox |
18 | allow ${HOME}/.cache/inox | 18 | whitelist ${HOME}/.cache/inox |
19 | allow ${HOME}/.config/inox | 19 | whitelist ${HOME}/.config/inox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile index f361fd663..3037d00e9 100644 --- a/etc/profile-a-l/iridium.profile +++ b/etc/profile-a-l/iridium.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/iridium | 13 | noblacklist ${HOME}/.cache/iridium |
14 | nodeny ${HOME}/.config/iridium | 14 | noblacklist ${HOME}/.config/iridium |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/iridium | 16 | mkdir ${HOME}/.cache/iridium |
17 | mkdir ${HOME}/.config/iridium | 17 | mkdir ${HOME}/.config/iridium |
18 | allow ${HOME}/.cache/iridium | 18 | whitelist ${HOME}/.cache/iridium |
19 | allow ${HOME}/.config/iridium | 19 | whitelist ${HOME}/.config/iridium |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile index fa0bcf986..e02dcbdb1 100644 --- a/etc/profile-a-l/itch.profile +++ b/etc/profile-a-l/itch.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | # itch.io has native firejail/sandboxing support bundled in | 8 | # itch.io has native firejail/sandboxing support bundled in |
9 | # See https://itch.io/docs/itch/using/sandbox/linux.html | 9 | # See https://itch.io/docs/itch/using/sandbox/linux.html |
10 | 10 | ||
11 | nodeny ${HOME}/.itch | 11 | noblacklist ${HOME}/.itch |
12 | nodeny ${HOME}/.config/itch | 12 | noblacklist ${HOME}/.config/itch |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-programs.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.itch | 20 | mkdir ${HOME}/.itch |
21 | mkdir ${HOME}/.config/itch | 21 | mkdir ${HOME}/.config/itch |
22 | allow ${HOME}/.itch | 22 | whitelist ${HOME}/.itch |
23 | allow ${HOME}/.config/itch | 23 | whitelist ${HOME}/.config/itch |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile index e4be574df..3e9abf369 100644 --- a/etc/profile-a-l/jami-gnome.profile +++ b/etc/profile-a-l/jami-gnome.profile | |||
@@ -6,8 +6,8 @@ include jami-gnome.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/jami | 9 | noblacklist ${HOME}/.config/jami |
10 | nodeny ${HOME}/.local/share/jami | 10 | noblacklist ${HOME}/.local/share/jami |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.config/jami | 19 | mkdir ${HOME}/.config/jami |
20 | mkdir ${HOME}/.local/share/jami | 20 | mkdir ${HOME}/.local/share/jami |
21 | allow ${HOME}/.config/jami | 21 | whitelist ${HOME}/.config/jami |
22 | allow ${HOME}/.local/share/jami | 22 | whitelist ${HOME}/.local/share/jami |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile index bfea84c69..7d29f1068 100644 --- a/etc/profile-a-l/jd-gui.profile +++ b/etc/profile-a-l/jd-gui.profile | |||
@@ -5,7 +5,7 @@ include jd-gui.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/jd-gui.cfg | 8 | noblacklist ${HOME}/.config/jd-gui.cfg |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index c41027618..85b1f2120 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile | |||
@@ -6,7 +6,7 @@ include jerry.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/dkl | 9 | noblacklist ${HOME}/.config/dkl |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile index 9ca30c36d..edb7ed840 100644 --- a/etc/profile-a-l/jitsi-meet-desktop.profile +++ b/etc/profile-a-l/jitsi-meet-desktop.profile | |||
@@ -13,12 +13,12 @@ ignore shell none | |||
13 | 13 | ||
14 | ignore noexec /tmp | 14 | ignore noexec /tmp |
15 | 15 | ||
16 | nodeny ${HOME}/.config/Jitsi Meet | 16 | noblacklist ${HOME}/.config/Jitsi Meet |
17 | 17 | ||
18 | noallow ${DOWNLOADS} | 18 | nowhitelist ${DOWNLOADS} |
19 | 19 | ||
20 | mkdir ${HOME}/.config/Jitsi Meet | 20 | mkdir ${HOME}/.config/Jitsi Meet |
21 | allow ${HOME}/.config/Jitsi Meet | 21 | whitelist ${HOME}/.config/Jitsi Meet |
22 | 22 | ||
23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh | 23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh |
24 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | 24 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg |
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile index f53e6ca32..223c360b8 100644 --- a/etc/profile-a-l/jitsi.profile +++ b/etc/profile-a-l/jitsi.profile | |||
@@ -5,7 +5,7 @@ include jitsi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.jitsi | 8 | noblacklist ${HOME}/.jitsi |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index c0a78ecc0..9954b8aea 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile | |||
@@ -6,7 +6,7 @@ include jumpnbump.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.jumpnbump | 9 | noblacklist ${HOME}/.jumpnbump |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.jumpnbump | 19 | mkdir ${HOME}/.jumpnbump |
20 | allow ${HOME}/.jumpnbump | 20 | whitelist ${HOME}/.jumpnbump |
21 | allow /usr/share/jumpnbump | 21 | whitelist /usr/share/jumpnbump |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile index 73ce8670f..5ae90dff6 100644 --- a/etc/profile-a-l/k3b.profile +++ b/etc/profile-a-l/k3b.profile | |||
@@ -6,11 +6,11 @@ include k3b.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/k3brc | 9 | noblacklist ${HOME}/.config/k3brc |
10 | nodeny ${HOME}/.kde/share/config/k3brc | 10 | noblacklist ${HOME}/.kde/share/config/k3brc |
11 | nodeny ${HOME}/.kde4/share/config/k3brc | 11 | noblacklist ${HOME}/.kde4/share/config/k3brc |
12 | nodeny ${HOME}/.local/share/kxmlgui5/k3b | 12 | noblacklist ${HOME}/.local/share/kxmlgui5/k3b |
13 | nodeny ${MUSIC} | 13 | noblacklist ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile index e6a00e350..d55fd22cb 100644 --- a/etc/profile-a-l/kaffeine.profile +++ b/etc/profile-a-l/kaffeine.profile | |||
@@ -6,14 +6,14 @@ include kaffeine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/kaffeinerc | 9 | noblacklist ${HOME}/.config/kaffeinerc |
10 | nodeny ${HOME}/.kde/share/apps/kaffeine | 10 | noblacklist ${HOME}/.kde/share/apps/kaffeine |
11 | nodeny ${HOME}/.kde/share/config/kaffeinerc | 11 | noblacklist ${HOME}/.kde/share/config/kaffeinerc |
12 | nodeny ${HOME}/.kde4/share/apps/kaffeine | 12 | noblacklist ${HOME}/.kde4/share/apps/kaffeine |
13 | nodeny ${HOME}/.kde4/share/config/kaffeinerc | 13 | noblacklist ${HOME}/.kde4/share/config/kaffeinerc |
14 | nodeny ${HOME}/.local/share/kaffeine | 14 | noblacklist ${HOME}/.local/share/kaffeine |
15 | nodeny ${MUSIC} | 15 | noblacklist ${MUSIC} |
16 | nodeny ${VIDEOS} | 16 | noblacklist ${VIDEOS} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index 98b04353e..503dac4b6 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile | |||
@@ -6,8 +6,8 @@ include kalgebra.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/kalgebrarc | 9 | noblacklist ${HOME}/.config/kalgebrarc |
10 | nodeny ${HOME}/.local/share/kalgebra | 10 | noblacklist ${HOME}/.local/share/kalgebra |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow /usr/share/kalgebramobile | 20 | whitelist /usr/share/kalgebramobile |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile index db5394550..231299a2f 100644 --- a/etc/profile-a-l/karbon.profile +++ b/etc/profile-a-l/karbon.profile | |||
@@ -6,7 +6,7 @@ include karbon.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/karbon | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/karbon |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include krita.profile | 12 | include krita.profile |
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index d2b180492..27b87e7c3 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile | |||
@@ -8,20 +8,20 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.config/katemetainfos | 11 | noblacklist ${HOME}/.config/katemetainfos |
12 | nodeny ${HOME}/.config/katepartrc | 12 | noblacklist ${HOME}/.config/katepartrc |
13 | nodeny ${HOME}/.config/katerc | 13 | noblacklist ${HOME}/.config/katerc |
14 | nodeny ${HOME}/.config/kateschemarc | 14 | noblacklist ${HOME}/.config/kateschemarc |
15 | nodeny ${HOME}/.config/katesyntaxhighlightingrc | 15 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc |
16 | nodeny ${HOME}/.config/katevirc | 16 | noblacklist ${HOME}/.config/katevirc |
17 | nodeny ${HOME}/.local/share/kate | 17 | noblacklist ${HOME}/.local/share/kate |
18 | nodeny ${HOME}/.local/share/kxmlgui5/kate | 18 | noblacklist ${HOME}/.local/share/kxmlgui5/kate |
19 | nodeny ${HOME}/.local/share/kxmlgui5/katefiletree | 19 | noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree |
20 | nodeny ${HOME}/.local/share/kxmlgui5/katekonsole | 20 | noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole |
21 | nodeny ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin | 21 | noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin |
22 | nodeny ${HOME}/.local/share/kxmlgui5/katepart | 22 | noblacklist ${HOME}/.local/share/kxmlgui5/katepart |
23 | nodeny ${HOME}/.local/share/kxmlgui5/kateproject | 23 | noblacklist ${HOME}/.local/share/kxmlgui5/kateproject |
24 | nodeny ${HOME}/.local/share/kxmlgui5/katesearch | 24 | noblacklist ${HOME}/.local/share/kxmlgui5/katesearch |
25 | 25 | ||
26 | include disable-common.inc | 26 | include disable-common.inc |
27 | # include disable-devel.inc | 27 | # include disable-devel.inc |
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index a4e2e64f4..9795cf168 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | nodeny ${VIDEOS} | 12 | noblacklist ${VIDEOS} |
13 | nodeny ${HOME}/.config/kazam | 13 | noblacklist ${HOME}/.config/kazam |
14 | 14 | ||
15 | # Allow python (blacklisted by disable-interpreters.inc) | 15 | # Allow python (blacklisted by disable-interpreters.inc) |
16 | include allow-python2.inc | 16 | include allow-python2.inc |
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc | |||
25 | include disable-shell.inc | 25 | include disable-shell.inc |
26 | include disable-xdg.inc | 26 | include disable-xdg.inc |
27 | 27 | ||
28 | allow /usr/share/kazam | 28 | whitelist /usr/share/kazam |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index fcb168d4d..e36ee5ed2 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile | |||
@@ -6,7 +6,7 @@ include kcalc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/kcalc | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/kcalc |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc | |||
21 | mkfile ${HOME}/.config/kcalcrc | 21 | mkfile ${HOME}/.config/kcalcrc |
22 | mkfile ${HOME}/.kde/share/config/kcalcrc | 22 | mkfile ${HOME}/.kde/share/config/kcalcrc |
23 | mkfile ${HOME}/.kde4/share/config/kcalcrc | 23 | mkfile ${HOME}/.kde4/share/config/kcalcrc |
24 | allow ${HOME}/.config/kcalcrc | 24 | whitelist ${HOME}/.config/kcalcrc |
25 | allow ${HOME}/.kde/share/config/kcalcrc | 25 | whitelist ${HOME}/.kde/share/config/kcalcrc |
26 | allow ${HOME}/.kde4/share/config/kcalcrc | 26 | whitelist ${HOME}/.kde4/share/config/kcalcrc |
27 | allow ${HOME}/.local/share/kxmlgui5/kcalc | 27 | whitelist ${HOME}/.local/share/kxmlgui5/kcalc |
28 | allow /usr/share/config.kcfg/kcalc.kcfg | 28 | whitelist /usr/share/config.kcfg/kcalc.kcfg |
29 | allow /usr/share/kcalc | 29 | whitelist /usr/share/kcalc |
30 | allow /usr/share/kconf_update/kcalcrc.upd | 30 | whitelist /usr/share/kconf_update/kcalcrc.upd |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile index 4acafbf2a..d2a08a269 100644 --- a/etc/profile-a-l/kdenlive.profile +++ b/etc/profile-a-l/kdenlive.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/kdenlive | 11 | noblacklist ${HOME}/.cache/kdenlive |
12 | nodeny ${HOME}/.config/kdenliverc | 12 | noblacklist ${HOME}/.config/kdenliverc |
13 | nodeny ${HOME}/.local/share/kdenlive | 13 | noblacklist ${HOME}/.local/share/kdenlive |
14 | nodeny ${HOME}/.local/share/kxmlgui5/kdenlive | 14 | noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile index 0c37f7968..7c1cb2294 100644 --- a/etc/profile-a-l/kdiff3.profile +++ b/etc/profile-a-l/kdiff3.profile | |||
@@ -6,14 +6,14 @@ include kdiff3.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/kdiff3fileitemactionrc | 9 | noblacklist ${HOME}/.config/kdiff3fileitemactionrc |
10 | nodeny ${HOME}/.config/kdiff3rc | 10 | noblacklist ${HOME}/.config/kdiff3rc |
11 | 11 | ||
12 | # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. | 12 | # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. |
13 | # By default we deny access only to .ssh and .gnupg. | 13 | # By default we deny access only to .ssh and .gnupg. |
14 | #include disable-common.inc | 14 | #include disable-common.inc |
15 | deny ${HOME}/.ssh | 15 | blacklist ${HOME}/.ssh |
16 | deny ${HOME}/.gnupg | 16 | blacklist ${HOME}/.gnupg |
17 | 17 | ||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile index 9c06962bc..ae8971ab4 100644 --- a/etc/profile-a-l/keepass.profile +++ b/etc/profile-a-l/keepass.profile | |||
@@ -6,14 +6,14 @@ include keepass.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
10 | nodeny ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
11 | nodeny ${HOME}/.config/KeePass | 11 | noblacklist ${HOME}/.config/KeePass |
12 | nodeny ${HOME}/.config/keepass | 12 | noblacklist ${HOME}/.config/keepass |
13 | nodeny ${HOME}/.keepass | 13 | noblacklist ${HOME}/.keepass |
14 | nodeny ${HOME}/.local/share/KeePass | 14 | noblacklist ${HOME}/.local/share/KeePass |
15 | nodeny ${HOME}/.local/share/keepass | 15 | noblacklist ${HOME}/.local/share/keepass |
16 | nodeny ${DOCUMENTS} | 16 | noblacklist ${DOCUMENTS} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index 2772fa8bf..ac364986d 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile | |||
@@ -6,11 +6,11 @@ include keepassx.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
10 | nodeny ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
11 | nodeny ${HOME}/.config/keepassx | 11 | noblacklist ${HOME}/.config/keepassx |
12 | nodeny ${HOME}/.keepassx | 12 | noblacklist ${HOME}/.keepassx |
13 | nodeny ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index 9c530b20d..f71dcf82b 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile | |||
@@ -6,23 +6,23 @@ include keepassxc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
10 | nodeny ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
11 | nodeny ${HOME}/.cache/keepassxc | 11 | noblacklist ${HOME}/.cache/keepassxc |
12 | nodeny ${HOME}/.config/keepassxc | 12 | noblacklist ${HOME}/.config/keepassxc |
13 | nodeny ${HOME}/.config/KeePassXCrc | 13 | noblacklist ${HOME}/.config/KeePassXCrc |
14 | nodeny ${HOME}/.keepassxc | 14 | noblacklist ${HOME}/.keepassxc |
15 | nodeny ${DOCUMENTS} | 15 | noblacklist ${DOCUMENTS} |
16 | 16 | ||
17 | # Allow browser profiles, required for browser integration. | 17 | # Allow browser profiles, required for browser integration. |
18 | nodeny ${HOME}/.config/BraveSoftware | 18 | noblacklist ${HOME}/.config/BraveSoftware |
19 | nodeny ${HOME}/.config/chromium | 19 | noblacklist ${HOME}/.config/chromium |
20 | nodeny ${HOME}/.config/google-chrome | 20 | noblacklist ${HOME}/.config/google-chrome |
21 | nodeny ${HOME}/.config/vivaldi | 21 | noblacklist ${HOME}/.config/vivaldi |
22 | nodeny ${HOME}/.local/share/torbrowser | 22 | noblacklist ${HOME}/.local/share/torbrowser |
23 | nodeny ${HOME}/.mozilla | 23 | noblacklist ${HOME}/.mozilla |
24 | 24 | ||
25 | deny /usr/libexec | 25 | blacklist /usr/libexec |
26 | 26 | ||
27 | include disable-common.inc | 27 | include disable-common.inc |
28 | include disable-devel.inc | 28 | include disable-devel.inc |
@@ -57,7 +57,7 @@ include disable-xdg.inc | |||
57 | #whitelist ${HOME}/.config/KeePassXCrc | 57 | #whitelist ${HOME}/.config/KeePassXCrc |
58 | #include whitelist-common.inc | 58 | #include whitelist-common.inc |
59 | 59 | ||
60 | allow /usr/share/keepassxc | 60 | whitelist /usr/share/keepassxc |
61 | include whitelist-usr-share-common.inc | 61 | include whitelist-usr-share-common.inc |
62 | include whitelist-var-common.inc | 62 | include whitelist-var-common.inc |
63 | 63 | ||
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile index 30c041cbc..2c684504b 100644 --- a/etc/profile-a-l/kget.profile +++ b/etc/profile-a-l/kget.profile | |||
@@ -6,13 +6,13 @@ include kget.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/kgetrc | 9 | noblacklist ${HOME}/.config/kgetrc |
10 | nodeny ${HOME}/.kde/share/apps/kget | 10 | noblacklist ${HOME}/.kde/share/apps/kget |
11 | nodeny ${HOME}/.kde/share/config/kgetrc | 11 | noblacklist ${HOME}/.kde/share/config/kgetrc |
12 | nodeny ${HOME}/.kde4/share/apps/kget | 12 | noblacklist ${HOME}/.kde4/share/apps/kget |
13 | nodeny ${HOME}/.kde4/share/config/kgetrc | 13 | noblacklist ${HOME}/.kde4/share/config/kgetrc |
14 | nodeny ${HOME}/.local/share/kget | 14 | noblacklist ${HOME}/.local/share/kget |
15 | nodeny ${HOME}/.local/share/kxmlgui5/kget | 15 | noblacklist ${HOME}/.local/share/kxmlgui5/kget |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kid3-qt.profile b/etc/profile-a-l/kid3-qt.profile index 84d135fc3..9bcede077 100644 --- a/etc/profile-a-l/kid3-qt.profile +++ b/etc/profile-a-l/kid3-qt.profile | |||
@@ -2,7 +2,7 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | include kid3-qt.local | 3 | include kid3-qt.local |
4 | 4 | ||
5 | nodeny ${HOME}/.config/Kid3 | 5 | noblacklist ${HOME}/.config/Kid3 |
6 | 6 | ||
7 | # Redirect | 7 | # Redirect |
8 | include kid3.profile | 8 | include kid3.profile |
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index 0ef2a7845..e18292e99 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile | |||
@@ -6,9 +6,9 @@ include kid3.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | nodeny ${HOME}/.config/kid3rc | 10 | noblacklist ${HOME}/.config/kid3rc |
11 | nodeny ${HOME}/.local/share/kxmlgui5/kid3 | 11 | noblacklist ${HOME}/.local/share/kxmlgui5/kid3 |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile index 833c1d22a..74014ffe6 100644 --- a/etc/profile-a-l/kino.profile +++ b/etc/profile-a-l/kino.profile | |||
@@ -6,8 +6,8 @@ include kino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.kino-history | 9 | noblacklist ${HOME}/.kino-history |
10 | nodeny ${HOME}/.kinorc | 10 | noblacklist ${HOME}/.kinorc |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile index b188ba0e3..40ee0bbc7 100644 --- a/etc/profile-a-l/kiwix-desktop.profile +++ b/etc/profile-a-l/kiwix-desktop.profile | |||
@@ -6,8 +6,8 @@ include kiwix-desktop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kiwix | 9 | noblacklist ${HOME}/.local/share/kiwix |
10 | nodeny ${HOME}/.local/share/kiwix-desktop | 10 | noblacklist ${HOME}/.local/share/kiwix-desktop |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/kiwix | 20 | mkdir ${HOME}/.local/share/kiwix |
21 | mkdir ${HOME}/.local/share/kiwix-desktop | 21 | mkdir ${HOME}/.local/share/kiwix-desktop |
22 | allow ${HOME}/.local/share/kiwix | 22 | whitelist ${HOME}/.local/share/kiwix |
23 | allow ${HOME}/.local/share/kiwix-desktop | 23 | whitelist ${HOME}/.local/share/kiwix-desktop |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile index e087e4973..c6a9023f1 100644 --- a/etc/profile-a-l/klatexformula.profile +++ b/etc/profile-a-l/klatexformula.profile | |||
@@ -6,8 +6,8 @@ include klatexformula.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.kde/share/apps/klatexformula | 9 | noblacklist ${HOME}/.kde/share/apps/klatexformula |
10 | nodeny ${HOME}/.klatexformula | 10 | noblacklist ${HOME}/.klatexformula |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile index ec3912419..f5cd3a48c 100644 --- a/etc/profile-a-l/klavaro.profile +++ b/etc/profile-a-l/klavaro.profile | |||
@@ -6,8 +6,8 @@ include klavaro.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/klavaro | 9 | noblacklist ${HOME}/.config/klavaro |
10 | nodeny ${HOME}/.local/share/klavaro | 10 | noblacklist ${HOME}/.local/share/klavaro |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/klavaro | 20 | mkdir ${HOME}/.local/share/klavaro |
21 | mkdir ${HOME}/.config/klavaro | 21 | mkdir ${HOME}/.config/klavaro |
22 | allow ${HOME}/.local/share/klavaro | 22 | whitelist ${HOME}/.local/share/klavaro |
23 | allow ${HOME}/.config/klavaro | 23 | whitelist ${HOME}/.config/klavaro |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 3c582c08c..95ae98e53 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile | |||
@@ -9,27 +9,27 @@ include globals.local | |||
9 | # kmail has problems launching akonadi in debian and ubuntu. | 9 | # kmail has problems launching akonadi in debian and ubuntu. |
10 | # one solution is to have akonadi already running when kmail is started | 10 | # one solution is to have akonadi already running when kmail is started |
11 | 11 | ||
12 | nodeny ${HOME}/.cache/akonadi* | 12 | noblacklist ${HOME}/.cache/akonadi* |
13 | nodeny ${HOME}/.cache/kmail2 | 13 | noblacklist ${HOME}/.cache/kmail2 |
14 | nodeny ${HOME}/.config/akonadi* | 14 | noblacklist ${HOME}/.config/akonadi* |
15 | nodeny ${HOME}/.config/baloorc | 15 | noblacklist ${HOME}/.config/baloorc |
16 | nodeny ${HOME}/.config/emaildefaults | 16 | noblacklist ${HOME}/.config/emaildefaults |
17 | nodeny ${HOME}/.config/emailidentities | 17 | noblacklist ${HOME}/.config/emailidentities |
18 | nodeny ${HOME}/.config/kmail2rc | 18 | noblacklist ${HOME}/.config/kmail2rc |
19 | nodeny ${HOME}/.config/kmailsearchindexingrc | 19 | noblacklist ${HOME}/.config/kmailsearchindexingrc |
20 | nodeny ${HOME}/.config/mailtransports | 20 | noblacklist ${HOME}/.config/mailtransports |
21 | nodeny ${HOME}/.config/specialmailcollectionsrc | 21 | noblacklist ${HOME}/.config/specialmailcollectionsrc |
22 | nodeny ${HOME}/.gnupg | 22 | noblacklist ${HOME}/.gnupg |
23 | nodeny ${HOME}/.local/share/akonadi* | 23 | noblacklist ${HOME}/.local/share/akonadi* |
24 | nodeny ${HOME}/.local/share/apps/korganizer | 24 | noblacklist ${HOME}/.local/share/apps/korganizer |
25 | nodeny ${HOME}/.local/share/contacts | 25 | noblacklist ${HOME}/.local/share/contacts |
26 | nodeny ${HOME}/.local/share/emailidentities | 26 | noblacklist ${HOME}/.local/share/emailidentities |
27 | nodeny ${HOME}/.local/share/kmail2 | 27 | noblacklist ${HOME}/.local/share/kmail2 |
28 | nodeny ${HOME}/.local/share/kxmlgui5/kmail | 28 | noblacklist ${HOME}/.local/share/kxmlgui5/kmail |
29 | nodeny ${HOME}/.local/share/kxmlgui5/kmail2 | 29 | noblacklist ${HOME}/.local/share/kxmlgui5/kmail2 |
30 | nodeny ${HOME}/.local/share/local-mail | 30 | noblacklist ${HOME}/.local/share/local-mail |
31 | nodeny ${HOME}/.local/share/notes | 31 | noblacklist ${HOME}/.local/share/notes |
32 | nodeny /tmp/akonadi-* | 32 | noblacklist /tmp/akonadi-* |
33 | 33 | ||
34 | include disable-common.inc | 34 | include disable-common.inc |
35 | include disable-devel.inc | 35 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile index d2ce14ab6..e88b53499 100644 --- a/etc/profile-a-l/kmplayer.profile +++ b/etc/profile-a-l/kmplayer.profile | |||
@@ -6,11 +6,11 @@ include kmplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/kmplayerrc | 9 | noblacklist ${HOME}/.config/kmplayerrc |
10 | nodeny ${HOME}/.kde/share/config/kmplayerrc | 10 | noblacklist ${HOME}/.kde/share/config/kmplayerrc |
11 | nodeny ${HOME}/.local/share/kmplayer | 11 | noblacklist ${HOME}/.local/share/kmplayer |
12 | nodeny ${MUSIC} | 12 | noblacklist ${MUSIC} |
13 | nodeny ${VIDEOS} | 13 | noblacklist ${VIDEOS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile index 5a9ac34da..f155d0ad6 100644 --- a/etc/profile-a-l/knotes.profile +++ b/etc/profile-a-l/knotes.profile | |||
@@ -10,9 +10,9 @@ include knotes.local | |||
10 | # knotes has problems launching akonadi in debian and ubuntu. | 10 | # knotes has problems launching akonadi in debian and ubuntu. |
11 | # one solution is to have akonadi already running when knotes is started | 11 | # one solution is to have akonadi already running when knotes is started |
12 | 12 | ||
13 | nodeny ${HOME}/.config/knotesrc | 13 | noblacklist ${HOME}/.config/knotesrc |
14 | nodeny ${HOME}/.local/share/knotes | 14 | noblacklist ${HOME}/.local/share/knotes |
15 | nodeny ${HOME}/.local/share/kxmlgui5/knotes | 15 | noblacklist ${HOME}/.local/share/kxmlgui5/knotes |
16 | 16 | ||
17 | # Redirect | 17 | # Redirect |
18 | include kmail.profile | 18 | include kmail.profile |
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile index 2725c87be..f909728a5 100644 --- a/etc/profile-a-l/kodi.profile +++ b/etc/profile-a-l/kodi.profile | |||
@@ -12,11 +12,17 @@ ignore noexec ${HOME} | |||
12 | #ignore nogroups | 12 | #ignore nogroups |
13 | #ignore noroot | 13 | #ignore noroot |
14 | #ignore private-dev | 14 | #ignore private-dev |
15 | # Add the following to your kodi.local if you use the Lutris Kodi Addon | ||
16 | #noblacklist /sbin | ||
17 | #noblacklist /usr/sbin | ||
18 | #noblacklist ${HOME}/.cache/lutris | ||
19 | #noblacklist ${HOME}/.config/lutris | ||
20 | #noblacklist ${HOME}/.local/share/lutris | ||
15 | 21 | ||
16 | nodeny ${HOME}/.kodi | 22 | noblacklist ${HOME}/.kodi |
17 | nodeny ${MUSIC} | 23 | noblacklist ${MUSIC} |
18 | nodeny ${PICTURES} | 24 | noblacklist ${PICTURES} |
19 | nodeny ${VIDEOS} | 25 | noblacklist ${VIDEOS} |
20 | 26 | ||
21 | # Allow python (blacklisted by disable-interpreters.inc) | 27 | # Allow python (blacklisted by disable-interpreters.inc) |
22 | include allow-python2.inc | 28 | include allow-python2.inc |
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile index d8ce33838..5b5ed6e24 100644 --- a/etc/profile-a-l/konversation.profile +++ b/etc/profile-a-l/konversation.profile | |||
@@ -6,11 +6,11 @@ include konversation.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/konversationrc | 9 | noblacklist ${HOME}/.config/konversationrc |
10 | nodeny ${HOME}/.config/konversation.notifyrc | 10 | noblacklist ${HOME}/.config/konversation.notifyrc |
11 | nodeny ${HOME}/.kde/share/config/konversationrc | 11 | noblacklist ${HOME}/.kde/share/config/konversationrc |
12 | nodeny ${HOME}/.kde4/share/config/konversationrc | 12 | noblacklist ${HOME}/.kde4/share/config/konversationrc |
13 | nodeny ${HOME}/.local/share/kxmlgui5/konversation | 13 | noblacklist ${HOME}/.local/share/kxmlgui5/konversation |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile index 749591f32..88f47d1bf 100644 --- a/etc/profile-a-l/kopete.profile +++ b/etc/profile-a-l/kopete.profile | |||
@@ -6,11 +6,11 @@ include kopete.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.kde/share/apps/kopete | 9 | noblacklist ${HOME}/.kde/share/apps/kopete |
10 | nodeny ${HOME}/.kde/share/config/kopeterc | 10 | noblacklist ${HOME}/.kde/share/config/kopeterc |
11 | nodeny ${HOME}/.kde4/share/apps/kopete | 11 | noblacklist ${HOME}/.kde4/share/apps/kopete |
12 | nodeny ${HOME}/.kde4/share/config/kopeterc | 12 | noblacklist ${HOME}/.kde4/share/config/kopeterc |
13 | nodeny ${HOME}/.local/share/kxmlgui5/kopete | 13 | noblacklist ${HOME}/.local/share/kxmlgui5/kopete |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | allow /var/lib/winpopup | 22 | whitelist /var/lib/winpopup |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile index 950341def..8604e63d0 100644 --- a/etc/profile-a-l/krita.profile +++ b/etc/profile-a-l/krita.profile | |||
@@ -9,10 +9,10 @@ include globals.local | |||
9 | # noexec ${HOME} may break krita, see issue #1953 | 9 | # noexec ${HOME} may break krita, see issue #1953 |
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | 11 | ||
12 | nodeny ${HOME}/.config/kritarc | 12 | noblacklist ${HOME}/.config/kritarc |
13 | nodeny ${HOME}/.local/share/krita | 13 | noblacklist ${HOME}/.local/share/krita |
14 | nodeny ${DOCUMENTS} | 14 | noblacklist ${DOCUMENTS} |
15 | nodeny ${PICTURES} | 15 | noblacklist ${PICTURES} |
16 | 16 | ||
17 | # Allow python (blacklisted by disable-interpreters.inc) | 17 | # Allow python (blacklisted by disable-interpreters.inc) |
18 | include allow-python2.inc | 18 | include allow-python2.inc |
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile index 7b325d273..9cb5eff87 100644 --- a/etc/profile-a-l/krunner.profile +++ b/etc/profile-a-l/krunner.profile | |||
@@ -13,9 +13,9 @@ include globals.local | |||
13 | # noblacklist ${HOME}/.cache/krunner | 13 | # noblacklist ${HOME}/.cache/krunner |
14 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* | 14 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* |
15 | # noblacklist ${HOME}/.config/chromium | 15 | # noblacklist ${HOME}/.config/chromium |
16 | nodeny ${HOME}/.config/krunnerrc | 16 | noblacklist ${HOME}/.config/krunnerrc |
17 | nodeny ${HOME}/.kde/share/config/krunnerrc | 17 | noblacklist ${HOME}/.kde/share/config/krunnerrc |
18 | nodeny ${HOME}/.kde4/share/config/krunnerrc | 18 | noblacklist ${HOME}/.kde4/share/config/krunnerrc |
19 | # noblacklist ${HOME}/.local/share/baloo | 19 | # noblacklist ${HOME}/.local/share/baloo |
20 | # noblacklist ${HOME}/.mozilla | 20 | # noblacklist ${HOME}/.mozilla |
21 | 21 | ||
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile index ac9fee585..5a85194e0 100644 --- a/etc/profile-a-l/ktorrent.profile +++ b/etc/profile-a-l/ktorrent.profile | |||
@@ -6,13 +6,13 @@ include ktorrent.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/ktorrentrc | 9 | noblacklist ${HOME}/.config/ktorrentrc |
10 | nodeny ${HOME}/.kde/share/apps/ktorrent | 10 | noblacklist ${HOME}/.kde/share/apps/ktorrent |
11 | nodeny ${HOME}/.kde/share/config/ktorrentrc | 11 | noblacklist ${HOME}/.kde/share/config/ktorrentrc |
12 | nodeny ${HOME}/.kde4/share/apps/ktorrent | 12 | noblacklist ${HOME}/.kde4/share/apps/ktorrent |
13 | nodeny ${HOME}/.kde4/share/config/ktorrentrc | 13 | noblacklist ${HOME}/.kde4/share/config/ktorrentrc |
14 | nodeny ${HOME}/.local/share/ktorrent | 14 | noblacklist ${HOME}/.local/share/ktorrent |
15 | nodeny ${HOME}/.local/share/kxmlgui5/ktorrent | 15 | noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent | |||
29 | mkfile ${HOME}/.config/ktorrentrc | 29 | mkfile ${HOME}/.config/ktorrentrc |
30 | mkfile ${HOME}/.kde/share/config/ktorrentrc | 30 | mkfile ${HOME}/.kde/share/config/ktorrentrc |
31 | mkfile ${HOME}/.kde4/share/config/ktorrentrc | 31 | mkfile ${HOME}/.kde4/share/config/ktorrentrc |
32 | allow ${DOWNLOADS} | 32 | whitelist ${DOWNLOADS} |
33 | allow ${HOME}/.config/ktorrentrc | 33 | whitelist ${HOME}/.config/ktorrentrc |
34 | allow ${HOME}/.kde/share/apps/ktorrent | 34 | whitelist ${HOME}/.kde/share/apps/ktorrent |
35 | allow ${HOME}/.kde/share/config/ktorrentrc | 35 | whitelist ${HOME}/.kde/share/config/ktorrentrc |
36 | allow ${HOME}/.kde4/share/apps/ktorrent | 36 | whitelist ${HOME}/.kde4/share/apps/ktorrent |
37 | allow ${HOME}/.kde4/share/config/ktorrentrc | 37 | whitelist ${HOME}/.kde4/share/config/ktorrentrc |
38 | allow ${HOME}/.local/share/ktorrent | 38 | whitelist ${HOME}/.local/share/ktorrent |
39 | allow ${HOME}/.local/share/kxmlgui5/ktorrent | 39 | whitelist ${HOME}/.local/share/kxmlgui5/ktorrent |
40 | include whitelist-common.inc | 40 | include whitelist-common.inc |
41 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
42 | 42 | ||
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile index 71f8e4977..4cf72b74c 100644 --- a/etc/profile-a-l/ktouch.profile +++ b/etc/profile-a-l/ktouch.profile | |||
@@ -6,8 +6,8 @@ include ktouch.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/ktouch2rc | 9 | noblacklist ${HOME}/.config/ktouch2rc |
10 | nodeny ${HOME}/.local/share/ktouch | 10 | noblacklist ${HOME}/.local/share/ktouch |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkfile ${HOME}/.config/ktouch2rc | 21 | mkfile ${HOME}/.config/ktouch2rc |
22 | mkdir ${HOME}/.local/share/ktouch | 22 | mkdir ${HOME}/.local/share/ktouch |
23 | allow ${HOME}/.config/ktouch2rc | 23 | whitelist ${HOME}/.config/ktouch2rc |
24 | allow ${HOME}/.local/share/ktouch | 24 | whitelist ${HOME}/.local/share/ktouch |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 74ffd1162..4e9a12e5f 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile | |||
@@ -6,13 +6,13 @@ include kube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
10 | nodeny ${HOME}/.mozilla | 10 | noblacklist ${HOME}/.mozilla |
11 | nodeny ${HOME}/.cache/kube | 11 | noblacklist ${HOME}/.cache/kube |
12 | nodeny ${HOME}/.config/kube | 12 | noblacklist ${HOME}/.config/kube |
13 | nodeny ${HOME}/.config/sink | 13 | noblacklist ${HOME}/.config/sink |
14 | nodeny ${HOME}/.local/share/kube | 14 | noblacklist ${HOME}/.local/share/kube |
15 | nodeny ${HOME}/.local/share/sink | 15 | noblacklist ${HOME}/.local/share/sink |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube | |||
29 | mkdir ${HOME}/.config/sink | 29 | mkdir ${HOME}/.config/sink |
30 | mkdir ${HOME}/.local/share/kube | 30 | mkdir ${HOME}/.local/share/kube |
31 | mkdir ${HOME}/.local/share/sink | 31 | mkdir ${HOME}/.local/share/sink |
32 | allow ${HOME}/.gnupg | 32 | whitelist ${HOME}/.gnupg |
33 | allow ${HOME}/.mozilla/firefox/profiles.ini | 33 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
34 | allow ${HOME}/.cache/kube | 34 | whitelist ${HOME}/.cache/kube |
35 | allow ${HOME}/.config/kube | 35 | whitelist ${HOME}/.config/kube |
36 | allow ${HOME}/.config/sink | 36 | whitelist ${HOME}/.config/sink |
37 | allow ${HOME}/.local/share/kube | 37 | whitelist ${HOME}/.local/share/kube |
38 | allow ${HOME}/.local/share/sink | 38 | whitelist ${HOME}/.local/share/sink |
39 | allow ${RUNUSER}/gnupg | 39 | whitelist ${RUNUSER}/gnupg |
40 | allow /usr/share/kube | 40 | whitelist /usr/share/kube |
41 | allow /usr/share/gnupg | 41 | whitelist /usr/share/gnupg |
42 | allow /usr/share/gnupg2 | 42 | whitelist /usr/share/gnupg2 |
43 | include whitelist-common.inc | 43 | include whitelist-common.inc |
44 | include whitelist-runuser-common.inc | 44 | include whitelist-runuser-common.inc |
45 | include whitelist-usr-share-common.inc | 45 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile index 580f93736..15e7ceb17 100644 --- a/etc/profile-a-l/kwin_x11.profile +++ b/etc/profile-a-l/kwin_x11.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | # fix automatical kwin_x11 sandboxing: | 8 | # fix automatical kwin_x11 sandboxing: |
9 | # echo KDEWM=kwin_x11 >> ~/.pam_environment | 9 | # echo KDEWM=kwin_x11 >> ~/.pam_environment |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/kwin | 11 | noblacklist ${HOME}/.cache/kwin |
12 | nodeny ${HOME}/.config/kwinrc | 12 | noblacklist ${HOME}/.config/kwinrc |
13 | nodeny ${HOME}/.config/kwinrulesrc | 13 | noblacklist ${HOME}/.config/kwinrulesrc |
14 | nodeny ${HOME}/.local/share/kwin | 14 | noblacklist ${HOME}/.local/share/kwin |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index 08b0e0224..804ffafeb 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile | |||
@@ -6,15 +6,15 @@ include kwrite.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/katepartrc | 9 | noblacklist ${HOME}/.config/katepartrc |
10 | nodeny ${HOME}/.config/katerc | 10 | noblacklist ${HOME}/.config/katerc |
11 | nodeny ${HOME}/.config/kateschemarc | 11 | noblacklist ${HOME}/.config/kateschemarc |
12 | nodeny ${HOME}/.config/katesyntaxhighlightingrc | 12 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc |
13 | nodeny ${HOME}/.config/katevirc | 13 | noblacklist ${HOME}/.config/katevirc |
14 | nodeny ${HOME}/.config/kwriterc | 14 | noblacklist ${HOME}/.config/kwriterc |
15 | nodeny ${HOME}/.local/share/kwrite | 15 | noblacklist ${HOME}/.local/share/kwrite |
16 | nodeny ${HOME}/.local/share/kxmlgui5/kwrite | 16 | noblacklist ${HOME}/.local/share/kxmlgui5/kwrite |
17 | nodeny ${DOCUMENTS} | 17 | noblacklist ${DOCUMENTS} |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile index 91693bfc1..ac1b8785d 100644 --- a/etc/profile-a-l/latex-common.profile +++ b/etc/profile-a-l/latex-common.profile | |||
@@ -13,7 +13,7 @@ include disable-interpreters.inc | |||
13 | include disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | allow /var/lib | 16 | whitelist /var/lib |
17 | include whitelist-runuser-common.inc | 17 | include whitelist-runuser-common.inc |
18 | include whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile index e154708eb..4bbb0a86d 100644 --- a/etc/profile-a-l/leafpad.profile +++ b/etc/profile-a-l/leafpad.profile | |||
@@ -6,7 +6,7 @@ include leafpad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/leafpad | 9 | noblacklist ${HOME}/.config/leafpad |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile index abee392de..8eb5ad0c2 100644 --- a/etc/profile-a-l/less.profile +++ b/etc/profile-a-l/less.profile | |||
@@ -7,9 +7,9 @@ include less.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | 11 | ||
12 | nodeny ${HOME}/.lesshst | 12 | noblacklist ${HOME}/.lesshst |
13 | 13 | ||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile index 8ec41eee3..c57eae73d 100644 --- a/etc/profile-a-l/librecad.profile +++ b/etc/profile-a-l/librecad.profile | |||
@@ -4,8 +4,8 @@ include librecad.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | nodeny ${HOME}/.config/LibreCAD | 7 | noblacklist ${HOME}/.config/LibreCAD |
8 | nodeny ${HOME}/.local/share/LibreCAD | 8 | noblacklist ${HOME}/.local/share/LibreCAD |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | allow /usr/share/librecad | 19 | whitelist /usr/share/librecad |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index ae01d39b8..b1a24888c 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile | |||
@@ -6,15 +6,15 @@ include libreoffice.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny /usr/local/sbin | 9 | noblacklist /usr/local/sbin |
10 | nodeny ${HOME}/.config/libreoffice | 10 | noblacklist ${HOME}/.config/libreoffice |
11 | 11 | ||
12 | # libreoffice uses java for some functionality. | 12 | # libreoffice uses java for some functionality. |
13 | # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. | 13 | # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. |
14 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 15 | include allow-java.inc |
16 | 16 | ||
17 | deny /usr/libexec | 17 | blacklist /usr/libexec |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 5c614ab8e..da047357a 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile | |||
@@ -6,13 +6,13 @@ include librewolf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/librewolf | 9 | noblacklist ${HOME}/.cache/librewolf |
10 | nodeny ${HOME}/.librewolf | 10 | noblacklist ${HOME}/.librewolf |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/librewolf | 12 | mkdir ${HOME}/.cache/librewolf |
13 | mkdir ${HOME}/.librewolf | 13 | mkdir ${HOME}/.librewolf |
14 | allow ${HOME}/.cache/librewolf | 14 | whitelist ${HOME}/.cache/librewolf |
15 | allow ${HOME}/.librewolf | 15 | whitelist ${HOME}/.librewolf |
16 | 16 | ||
17 | # Add the next lines to your librewolf.local if you want to use the migration wizard. | 17 | # Add the next lines to your librewolf.local if you want to use the migration wizard. |
18 | #noblacklist ${HOME}/.mozilla | 18 | #noblacklist ${HOME}/.mozilla |
@@ -23,10 +23,10 @@ allow ${HOME}/.librewolf | |||
23 | #whitelist ${RUNUSER}/kpxc_server | 23 | #whitelist ${RUNUSER}/kpxc_server |
24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
25 | 25 | ||
26 | allow /usr/share/doc | 26 | whitelist /usr/share/doc |
27 | allow /usr/share/gtk-doc/html | 27 | whitelist /usr/share/gtk-doc/html |
28 | allow /usr/share/mozilla | 28 | whitelist /usr/share/mozilla |
29 | allow /usr/share/webext | 29 | whitelist /usr/share/webext |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | 31 | ||
32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). | 32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). |
diff --git a/etc/profile-a-l/lifeograph.profile b/etc/profile-a-l/lifeograph.profile new file mode 100644 index 000000000..b9ed0de8e --- /dev/null +++ b/etc/profile-a-l/lifeograph.profile | |||
@@ -0,0 +1,58 @@ | |||
1 | # Firejail profile for lifeograph | ||
2 | # Description: Lifeograph is a diary program to take personal notes | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include lifeograph.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | nodeny ${DOCUMENTS} | ||
10 | |||
11 | deny /usr/libexec | ||
12 | |||
13 | include disable-common.inc | ||
14 | include disable-devel.inc | ||
15 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | include disable-shell.inc | ||
20 | include disable-xdg.inc | ||
21 | |||
22 | allow ${DOCUMENTS} | ||
23 | allow /usr/share/lifeograph | ||
24 | include whitelist-common.inc | ||
25 | include whitelist-runuser-common.inc | ||
26 | include whitelist-usr-share-common.inc | ||
27 | include whitelist-var-common.inc | ||
28 | |||
29 | apparmor | ||
30 | caps.drop all | ||
31 | machine-id | ||
32 | net none | ||
33 | no3d | ||
34 | nodvd | ||
35 | nogroups | ||
36 | noinput | ||
37 | nonewprivs | ||
38 | noroot | ||
39 | nosound | ||
40 | notv | ||
41 | nou2f | ||
42 | novideo | ||
43 | protocol unix | ||
44 | seccomp | ||
45 | seccomp.block-secondary | ||
46 | shell none | ||
47 | tracelog | ||
48 | |||
49 | disable-mnt | ||
50 | private-bin lifeograph | ||
51 | private-cache | ||
52 | private-dev | ||
53 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | ||
54 | private-tmp | ||
55 | |||
56 | dbus-user filter | ||
57 | dbus-user.talk ca.desrt.dconf | ||
58 | dbus-system none | ||
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile index 595ecc257..7afca1d5f 100644 --- a/etc/profile-a-l/liferea.profile +++ b/etc/profile-a-l/liferea.profile | |||
@@ -6,9 +6,9 @@ include liferea.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/liferea | 9 | noblacklist ${HOME}/.cache/liferea |
10 | nodeny ${HOME}/.config/liferea | 10 | noblacklist ${HOME}/.config/liferea |
11 | nodeny ${HOME}/.local/share/liferea | 11 | noblacklist ${HOME}/.local/share/liferea |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -24,10 +24,10 @@ include disable-programs.inc | |||
24 | mkdir ${HOME}/.cache/liferea | 24 | mkdir ${HOME}/.cache/liferea |
25 | mkdir ${HOME}/.config/liferea | 25 | mkdir ${HOME}/.config/liferea |
26 | mkdir ${HOME}/.local/share/liferea | 26 | mkdir ${HOME}/.local/share/liferea |
27 | allow ${HOME}/.cache/liferea | 27 | whitelist ${HOME}/.cache/liferea |
28 | allow ${HOME}/.config/liferea | 28 | whitelist ${HOME}/.config/liferea |
29 | allow ${HOME}/.local/share/liferea | 29 | whitelist ${HOME}/.local/share/liferea |
30 | allow /usr/share/liferea | 30 | whitelist /usr/share/liferea |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/lightsoff.profile b/etc/profile-a-l/lightsoff.profile index 58d5bcd6d..c065c44a9 100644 --- a/etc/profile-a-l/lightsoff.profile +++ b/etc/profile-a-l/lightsoff.profile | |||
@@ -6,7 +6,7 @@ include lightsoff.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | allow /usr/share/lightsoff | 9 | whitelist /usr/share/lightsoff |
10 | 10 | ||
11 | private-bin lightsoff | 11 | private-bin lightsoff |
12 | 12 | ||
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile index e14c50d77..4254b7f33 100644 --- a/etc/profile-a-l/lincity-ng.profile +++ b/etc/profile-a-l/lincity-ng.profile | |||
@@ -6,7 +6,7 @@ include lincity-ng.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.lincity-ng | 9 | noblacklist ${HOME}/.lincity-ng |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.lincity-ng | 20 | mkdir ${HOME}/.lincity-ng |
21 | allow ${HOME}/.lincity-ng | 21 | whitelist ${HOME}/.lincity-ng |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile index 51e3d5b94..cd885b1d4 100644 --- a/etc/profile-a-l/links-common.profile +++ b/etc/profile-a-l/links-common.profile | |||
@@ -4,8 +4,8 @@ include links-common.local | |||
4 | 4 | ||
5 | # common profile for links browsers | 5 | # common profile for links browsers |
6 | 6 | ||
7 | deny /tmp/.X11-unix | 7 | blacklist /tmp/.X11-unix |
8 | deny ${RUNUSER}/wayland-* | 8 | blacklist ${RUNUSER}/wayland-* |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile index ae57601ca..8ce39cc7f 100644 --- a/etc/profile-a-l/links.profile +++ b/etc/profile-a-l/links.profile | |||
@@ -7,10 +7,10 @@ include links.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.links | 10 | noblacklist ${HOME}/.links |
11 | 11 | ||
12 | mkdir ${HOME}/.links | 12 | mkdir ${HOME}/.links |
13 | allow ${HOME}/.links | 13 | whitelist ${HOME}/.links |
14 | 14 | ||
15 | private-bin links | 15 | private-bin links |
16 | 16 | ||
diff --git a/etc/profile-a-l/links2.profile b/etc/profile-a-l/links2.profile index eb349c73a..5f91dfcd2 100644 --- a/etc/profile-a-l/links2.profile +++ b/etc/profile-a-l/links2.profile | |||
@@ -7,10 +7,10 @@ include links2.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.links2 | 10 | noblacklist ${HOME}/.links2 |
11 | 11 | ||
12 | mkdir ${HOME}/.links2 | 12 | mkdir ${HOME}/.links2 |
13 | allow ${HOME}/.links2 | 13 | whitelist ${HOME}/.links2 |
14 | 14 | ||
15 | private-bin links2 | 15 | private-bin links2 |
16 | 16 | ||
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile index dd1dac05b..7ebdbef4c 100644 --- a/etc/profile-a-l/linphone.profile +++ b/etc/profile-a-l/linphone.profile | |||
@@ -6,10 +6,10 @@ include linphone.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/linphone | 9 | noblacklist ${HOME}/.config/linphone |
10 | nodeny ${HOME}/.linphone-history.db | 10 | noblacklist ${HOME}/.linphone-history.db |
11 | nodeny ${HOME}/.linphonerc | 11 | noblacklist ${HOME}/.linphonerc |
12 | nodeny ${HOME}/.local/share/linphone | 12 | noblacklist ${HOME}/.local/share/linphone |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -23,11 +23,11 @@ include disable-programs.inc | |||
23 | # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile. | 23 | # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile. |
24 | mkdir ${HOME}/.config/linphone | 24 | mkdir ${HOME}/.config/linphone |
25 | mkdir ${HOME}/.local/share/linphone | 25 | mkdir ${HOME}/.local/share/linphone |
26 | allow ${HOME}/.config/linphone | 26 | whitelist ${HOME}/.config/linphone |
27 | allow ${HOME}/.linphone-history.db | 27 | whitelist ${HOME}/.linphone-history.db |
28 | allow ${HOME}/.linphonerc | 28 | whitelist ${HOME}/.linphonerc |
29 | allow ${HOME}/.local/share/linphone | 29 | whitelist ${HOME}/.local/share/linphone |
30 | allow ${DOWNLOADS} | 30 | whitelist ${DOWNLOADS} |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | 32 | ||
33 | caps.drop all | 33 | caps.drop all |
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile index b22110fdc..48b0e14dc 100644 --- a/etc/profile-a-l/lmms.profile +++ b/etc/profile-a-l/lmms.profile | |||
@@ -6,9 +6,9 @@ include lmms.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.lmmsrc.xml | 9 | noblacklist ${HOME}/.lmmsrc.xml |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile index 0a7ce86e8..f2676fec5 100644 --- a/etc/profile-a-l/lollypop.profile +++ b/etc/profile-a-l/lollypop.profile | |||
@@ -6,8 +6,8 @@ include lollypop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/lollypop | 9 | noblacklist ${HOME}/.local/share/lollypop |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile index 30802b3b7..174c65a65 100644 --- a/etc/profile-a-l/lugaru.profile +++ b/etc/profile-a-l/lugaru.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | # note: crashes after entering | 9 | # note: crashes after entering |
10 | 10 | ||
11 | nodeny ${HOME}/.config/lugaru | 11 | noblacklist ${HOME}/.config/lugaru |
12 | nodeny ${HOME}/.local/share/lugaru | 12 | noblacklist ${HOME}/.local/share/lugaru |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.config/lugaru | 23 | mkdir ${HOME}/.config/lugaru |
24 | mkdir ${HOME}/.local/share/lugaru | 24 | mkdir ${HOME}/.local/share/lugaru |
25 | allow ${HOME}/.config/lugaru | 25 | whitelist ${HOME}/.config/lugaru |
26 | allow ${HOME}/.local/share/lugaru | 26 | whitelist ${HOME}/.local/share/lugaru |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile index 73400dbd6..31067034e 100644 --- a/etc/profile-a-l/luminance-hdr.profile +++ b/etc/profile-a-l/luminance-hdr.profile | |||
@@ -6,8 +6,8 @@ include luminance-hdr.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Luminance | 9 | noblacklist ${HOME}/.config/Luminance |
10 | nodeny ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile index 9d5169b80..80a3aba86 100644 --- a/etc/profile-a-l/lutris.profile +++ b/etc/profile-a-l/lutris.profile | |||
@@ -6,18 +6,18 @@ include lutris.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PATH}/llvm* | 9 | noblacklist ${PATH}/llvm* |
10 | nodeny ${HOME}/Games | 10 | noblacklist ${HOME}/Games |
11 | nodeny ${HOME}/.cache/lutris | 11 | noblacklist ${HOME}/.cache/lutris |
12 | nodeny ${HOME}/.cache/winetricks | 12 | noblacklist ${HOME}/.cache/winetricks |
13 | nodeny ${HOME}/.config/lutris | 13 | noblacklist ${HOME}/.config/lutris |
14 | nodeny ${HOME}/.local/share/lutris | 14 | noblacklist ${HOME}/.local/share/lutris |
15 | # noblacklist ${HOME}/.wine | 15 | # noblacklist ${HOME}/.wine |
16 | nodeny /tmp/.wine-* | 16 | noblacklist /tmp/.wine-* |
17 | # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise | 17 | # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise |
18 | # Lutris won't even start. | 18 | # Lutris won't even start. |
19 | nodeny /sbin | 19 | noblacklist /sbin |
20 | nodeny /usr/sbin | 20 | noblacklist /usr/sbin |
21 | 21 | ||
22 | ignore noexec ${HOME} | 22 | ignore noexec ${HOME} |
23 | 23 | ||
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks | |||
39 | mkdir ${HOME}/.config/lutris | 39 | mkdir ${HOME}/.config/lutris |
40 | mkdir ${HOME}/.local/share/lutris | 40 | mkdir ${HOME}/.local/share/lutris |
41 | # mkdir ${HOME}/.wine | 41 | # mkdir ${HOME}/.wine |
42 | allow ${DOWNLOADS} | 42 | whitelist ${DOWNLOADS} |
43 | allow ${HOME}/Games | 43 | whitelist ${HOME}/Games |
44 | allow ${HOME}/.cache/lutris | 44 | whitelist ${HOME}/.cache/lutris |
45 | allow ${HOME}/.cache/winetricks | 45 | whitelist ${HOME}/.cache/winetricks |
46 | allow ${HOME}/.config/lutris | 46 | whitelist ${HOME}/.config/lutris |
47 | allow ${HOME}/.local/share/lutris | 47 | whitelist ${HOME}/.local/share/lutris |
48 | # whitelist ${HOME}/.wine | 48 | # whitelist ${HOME}/.wine |
49 | allow /usr/share/lutris | 49 | whitelist /usr/share/lutris |
50 | allow /usr/share/wine | 50 | whitelist /usr/share/wine |
51 | include whitelist-common.inc | 51 | include whitelist-common.inc |
52 | include whitelist-usr-share-common.inc | 52 | include whitelist-usr-share-common.inc |
53 | include whitelist-runuser-common.inc | 53 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile index 43147211b..b2a56012e 100644 --- a/etc/profile-a-l/lximage-qt.profile +++ b/etc/profile-a-l/lximage-qt.profile | |||
@@ -6,7 +6,7 @@ include lximage-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/lximage-qt | 9 | noblacklist ${HOME}/.config/lximage-qt |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile index c849f2ad2..cc4b95551 100644 --- a/etc/profile-a-l/lxmusic.profile +++ b/etc/profile-a-l/lxmusic.profile | |||
@@ -6,9 +6,9 @@ include lxmusic.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/xmms2 | 9 | noblacklist ${HOME}/.cache/xmms2 |
10 | nodeny ${HOME}/.config/xmms2 | 10 | noblacklist ${HOME}/.config/xmms2 |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile index 15c8f1faa..a919e924b 100644 --- a/etc/profile-a-l/lynx.profile +++ b/etc/profile-a-l/lynx.profile | |||
@@ -7,8 +7,8 @@ include lynx.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile index 358dbf2f2..fa69463d1 100644 --- a/etc/profile-a-l/lyx.profile +++ b/etc/profile-a-l/lyx.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | ignore private-tmp | 9 | ignore private-tmp |
10 | 10 | ||
11 | nodeny ${HOME}/.config/LyX | 11 | noblacklist ${HOME}/.config/LyX |
12 | nodeny ${HOME}/.lyx | 12 | noblacklist ${HOME}/.lyx |
13 | 13 | ||
14 | # Allow lua (blacklisted by disable-interpreters.inc) | 14 | # Allow lua (blacklisted by disable-interpreters.inc) |
15 | include allow-lua.inc | 15 | include allow-lua.inc |
@@ -21,11 +21,11 @@ include allow-perl.inc | |||
21 | include allow-python2.inc | 21 | include allow-python2.inc |
22 | include allow-python3.inc | 22 | include allow-python3.inc |
23 | 23 | ||
24 | allow /usr/share/lyx | 24 | whitelist /usr/share/lyx |
25 | allow /usr/share/texinfo | 25 | whitelist /usr/share/texinfo |
26 | allow /usr/share/texlive | 26 | whitelist /usr/share/texlive |
27 | allow /usr/share/texmf-dist | 27 | whitelist /usr/share/texmf-dist |
28 | allow /usr/share/tlpkg | 28 | whitelist /usr/share/tlpkg |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
30 | 30 | ||
31 | apparmor | 31 | apparmor |
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile index 3a4edcf69..4637419bf 100644 --- a/etc/profile-a-l/sway.profile +++ b/etc/profile-a-l/sway.profile | |||
@@ -7,9 +7,9 @@ include sway.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in sway will run in this profile | 9 | # all applications started in sway will run in this profile |
10 | nodeny ${HOME}/.config/sway | 10 | noblacklist ${HOME}/.config/sway |
11 | # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway | 11 | # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway |
12 | nodeny ${HOME}/.config/i3 | 12 | noblacklist ${HOME}/.config/i3 |
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |