disable-shell.inc (#3411)

* disable-shell.inc

* add disable-shell.inc to all profiles with a …

… private-bin line without bash/sh except profiles with redirect
profiles.

* add it to some more profiles

* exclude aria2c.profile

81 files changed, 82 insertions, 1 deletions

diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile
index 948d3774a..1fdc9e9fe 100644
--- a/etc/profile-a-l/abiword.profile
+++ b/etc/profile-a-l/abiword.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 whitelist /usr/share/abiword-3.0
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile
index 34933f283..377c43804 100644
--- a/etc/profile-a-l/akregator.profile
+++ b/etc/profile-a-l/akregator.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkfile ${HOME}/.config/akregatorrc
 mkdir ${HOME}/.local/share/akregator
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile
index fa688f1a5..61e5f2eea 100644
--- a/etc/profile-a-l/anki.profile
+++ b/etc/profile-a-l/anki.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/Anki2
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile
index 35b18bab4..c847a04dc 100644
--- a/etc/profile-a-l/anydesk.profile
+++ b/etc/profile-a-l/anydesk.profile
@@ -9,9 +9,10 @@ noblacklist ${HOME}/.anydesk
 
 include disable-common.inc
 include disable-devel.inc
+include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-include disable-interpreters.inc
+include disable-shell.inc
 
 mkdir ${HOME}/.anydesk
 whitelist ${HOME}/.anydesk
diff --git a/etc/profile-a-l/ar.profile b/etc/profile-a-l/ar.profile
index 6ed60ffe5..183587ff8 100644
--- a/etc/profile-a-l/ar.profile
+++ b/etc/profile-a-l/ar.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 apparmor
 caps.drop all
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile
index 324730bde..934b89404 100644
--- a/etc/profile-a-l/arch-audit.profile
+++ b/etc/profile-a-l/arch-audit.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/arch-audit
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile
index 19a4771aa..adb33fae1 100644
--- a/etc/profile-a-l/artha.profile
+++ b/etc/profile-a-l/artha.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 # whitelisting in ${HOME} makes settings immutable, see #3112
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile
index da72a4a73..2686839ef 100644
--- a/etc/profile-a-l/assogiate.profile
+++ b/etc/profile-a-l/assogiate.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist ${PICTURES}
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile
index 5a454d31d..a11e59553 100644
--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile
index d7228570f..44c3110a0 100644
--- a/etc/profile-a-l/aweather.profile
+++ b/etc/profile-a-l/aweather.profile
@@ -13,6 +13,7 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkdir ${HOME}/.config/aweather
 whitelist ${HOME}/.config/aweather
diff --git a/etc/profile-a-l/baobab.profile b/etc/profile-a-l/baobab.profile
index 50f7531c0..3937e1966 100644
--- a/etc/profile-a-l/baobab.profile
+++ b/etc/profile-a-l/baobab.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 # include disable-programs.inc
+include disable-shell.inc
 # include disable-xdg.inc
 
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile
index ac1e21ba7..3a3f2b62c 100644
--- a/etc/profile-a-l/bitcoin-qt.profile
+++ b/etc/profile-a-l/bitcoin-qt.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkdir ${HOME}/.bitcoin
 mkdir ${HOME}/.config/Bitcoin
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile
index 3095e7505..41f8e51fd 100644
--- a/etc/profile-a-l/bitwarden.profile
+++ b/etc/profile-a-l/bitwarden.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/Bitwarden
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile
index 2a56bdf94..d43a9d241 100644
--- a/etc/profile-a-l/blobwars.profile
+++ b/etc/profile-a-l/blobwars.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.parallelrealities/blobwars
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile
index 1f56d5169..f06bead1e 100644
--- a/etc/profile-a-l/bzflag.profile
+++ b/etc/profile-a-l/bzflag.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.bzf
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile
index f48cc43a1..74c7cc34b 100644
--- a/etc/profile-a-l/cameramonitor.profile
+++ b/etc/profile-a-l/cameramonitor.profile
@@ -17,6 +17,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/cameramonitor
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile
index c44d56b90..294bb31b3 100644
--- a/etc/profile-a-l/cantata.profile
+++ b/etc/profile-a-l/cantata.profile
@@ -20,6 +20,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 # apparmor
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile
index fa1e5d722..bcd557787 100644
--- a/etc/profile-a-l/cmus.profile
+++ b/etc/profile-a-l/cmus.profile
@@ -14,6 +14,7 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile
index 6df9627b3..1fd2270ab 100644
--- a/etc/profile-a-l/com.github.dahenson.agenda.profile
+++ b/etc/profile-a-l/com.github.dahenson.agenda.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/agenda
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
index 39a9a360d..c1800fe4c 100644
--- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
+++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile
index dbb043c17..e9a2c9441 100644
--- a/etc/profile-a-l/corebird.profile
+++ b/etc/profile-a-l/corebird.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile
index 8efe48240..0ab5a7f78 100644
--- a/etc/profile-a-l/cower.profile
+++ b/etc/profile-a-l/cower.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 # This profile could be significantly strengthened by adding the following to cower.local
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile
index 755b6e9f8..db4be7679 100644
--- a/etc/profile-a-l/crow.profile
+++ b/etc/profile-a-l/crow.profile
@@ -17,6 +17,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-common.inc
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile
index 51df7b455..7e622799a 100644
--- a/etc/profile-a-l/d-feet.profile
+++ b/etc/profile-a-l/d-feet.profile
@@ -18,6 +18,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/d-feet
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile
index 62379d3ef..d6541850d 100644
--- a/etc/profile-a-l/dconf-editor.profile
+++ b/etc/profile-a-l/dconf-editor.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist ${HOME}/.local/share/glib-2.0
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile
index f3c012acb..b8b07469d 100644
--- a/etc/profile-a-l/devhelp.profile
+++ b/etc/profile-a-l/devhelp.profile
@@ -13,6 +13,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/devhelp
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile
index 82ddf2819..d06ca042e 100644
--- a/etc/profile-a-l/dino.profile
+++ b/etc/profile-a-l/dino.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkdir ${HOME}/.local/share/dino
 whitelist ${HOME}/.local/share/dino
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile
index 2ae4edced..9de634da9 100644
--- a/etc/profile-a-l/display.profile
+++ b/etc/profile-a-l/display.profile
@@ -17,6 +17,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile
index 17ccc9b9a..11b9a4f42 100644
--- a/etc/profile-a-l/dosbox.profile
+++ b/etc/profile-a-l/dosbox.profile
@@ -14,6 +14,7 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile
index df839cc47..d355cd121 100644
--- a/etc/profile-a-l/dragon.profile
+++ b/etc/profile-a-l/dragon.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/dragonplayer
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile
index 4132caa4f..4d723c8aa 100644
--- a/etc/profile-a-l/drawio.profile
+++ b/etc/profile-a-l/drawio.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/draw.io
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index d5def68c2..39366470f 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/electron-mail
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile
index bcc84ddb8..73c19f380 100644
--- a/etc/profile-a-l/electrum.profile
+++ b/etc/profile-a-l/electrum.profile
@@ -18,6 +18,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.electrum
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index 72f588366..1c34335d2 100644
--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.etr
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile
index 04964ce33..77a48f0ba 100644
--- a/etc/profile-a-l/evince.profile
+++ b/etc/profile-a-l/evince.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/doc
diff --git a/etc/profile-a-l/exfalso.profile b/etc/profile-a-l/exfalso.profile
index 0b961f534..192858304 100644
--- a/etc/profile-a-l/exfalso.profile
+++ b/etc/profile-a-l/exfalso.profile
@@ -22,6 +22,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.quodlibet
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile
index af670cee2..e9fcc2231 100644
--- a/etc/profile-a-l/fbreader.profile
+++ b/etc/profile-a-l/fbreader.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile
index 91123fa0e..3ee07e559 100644
--- a/etc/profile-a-l/feh.profile
+++ b/etc/profile-a-l/feh.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 # This profile disables network access
 # In order to enable network access,
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile
index 37c46e7d6..fb5c9ee57 100644
--- a/etc/profile-a-l/ffmpeg.profile
+++ b/etc/profile-a-l/ffmpeg.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/devedeng
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
index 5a69684b5..207f87074 100644
--- a/etc/profile-a-l/flameshot.profile
+++ b/etc/profile-a-l/flameshot.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile
index ae0e32d1e..acad6ad13 100644
--- a/etc/profile-a-l/font-manager.profile
+++ b/etc/profile-a-l/font-manager.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/font-manager
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile
index 404d89742..89f20b923 100644
--- a/etc/profile-a-l/galculator.profile
+++ b/etc/profile-a-l/galculator.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/galculator
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile
index 587a12a93..d97ab530b 100644
--- a/etc/profile-a-l/gfeeds.profile
+++ b/etc/profile-a-l/gfeeds.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/gfeeds
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile
index 1d5398403..d7b46263d 100644
--- a/etc/profile-a-l/ghostwriter.profile
+++ b/etc/profile-a-l/ghostwriter.profile
@@ -17,6 +17,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/ghostwriter
diff --git a/etc/profile-a-l/gnome-calculator.profile b/etc/profile-a-l/gnome-calculator.profile
index a18a123d3..bc6626598 100644
--- a/etc/profile-a-l/gnome-calculator.profile
+++ b/etc/profile-a-l/gnome-calculator.profile
@@ -13,6 +13,7 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-common.inc
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile
index 3d7a2e4a6..f4f3ae2d7 100644
--- a/etc/profile-a-l/gnome-characters.profile
+++ b/etc/profile-a-l/gnome-characters.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/org.gnome.Characters
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile
index c1d2a34c0..84a3cabd6 100644
--- a/etc/profile-a-l/gnome-chess.profile
+++ b/etc/profile-a-l/gnome-chess.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 #mkdir ${HOME}/.local/share/gnome-chess
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile
index b865423c5..fc899178f 100644
--- a/etc/profile-a-l/gnome-clocks.profile
+++ b/etc/profile-a-l/gnome-clocks.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/gnome-clocks
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile
index 59fe330a1..5ae7bbe01 100644
--- a/etc/profile-a-l/gnome-hexgl.profile
+++ b/etc/profile-a-l/gnome-hexgl.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/mesa_shader_cache
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile
index 4b6453015..41218d3f7 100644
--- a/etc/profile-a-l/gnome-logs.profile
+++ b/etc/profile-a-l/gnome-logs.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /var/log/journal
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile
index 1366d1e1e..eb0030dda 100644
--- a/etc/profile-a-l/gnome-maps.profile
+++ b/etc/profile-a-l/gnome-maps.profile
@@ -24,6 +24,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/champlain
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile
index 555a59d93..615be7873 100644
--- a/etc/profile-a-l/gnome-passwordsafe.profile
+++ b/etc/profile-a-l/gnome-passwordsafe.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/cracklib
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile
index 20c355371..c4969590f 100644
--- a/etc/profile-a-l/gnome-recipes.profile
+++ b/etc/profile-a-l/gnome-recipes.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkdir ${HOME}/.cache/gnome-recipes
 mkdir ${HOME}/.local/share/gnome-recipes
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile
index fe6bc025d..82fb1b658 100644
--- a/etc/profile-a-l/gnome-screenshot.profile
+++ b/etc/profile-a-l/gnome-screenshot.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile
index f597f5cd3..14b0f758e 100644
--- a/etc/profile-a-l/gnome-system-log.profile
+++ b/etc/profile-a-l/gnome-system-log.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /var/log
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile
index 453925022..2fab3dcc7 100644
--- a/etc/profile-a-l/gnome-todo.profile
+++ b/etc/profile-a-l/gnome-todo.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/gnome-todo
diff --git a/etc/profile-a-l/gnome_games-common.profile b/etc/profile-a-l/gnome_games-common.profile
index 5a17d0ff8..c46fbc1d9 100644
--- a/etc/profile-a-l/gnome_games-common.profile
+++ b/etc/profile-a-l/gnome_games-common.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-common.inc
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile
index 578ccaef9..a536e5985 100644
--- a/etc/profile-a-l/gpicview.profile
+++ b/etc/profile-a-l/gpicview.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 whitelist /usr/share/gpicview
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile
index c1f1b53a0..3152db096 100644
--- a/etc/profile-a-l/gpredict.profile
+++ b/etc/profile-a-l/gpredict.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkdir ${HOME}/.config/Gpredict
 whitelist ${HOME}/.config/Gpredict
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
index 7a1a9440e..0cb3aa864 100644
--- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
+++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/gravity-beams-and-evaporating-stars
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile
index 77de59802..de0fc96ae 100644
--- a/etc/profile-a-l/gthumb.profile
+++ b/etc/profile-a-l/gthumb.profile
@@ -15,6 +15,7 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 caps.drop all
 nodvd
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile
index ac2e9891b..2051a8af6 100644
--- a/etc/profile-a-l/gtk-update-icon-cache.profile
+++ b/etc/profile-a-l/gtk-update-icon-cache.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-common.inc
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile
index 8ffd7ff58..8a7f65918 100644
--- a/etc/profile-a-l/guayadeque.profile
+++ b/etc/profile-a-l/guayadeque.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/gucharmap.profile b/etc/profile-a-l/gucharmap.profile
index 624914759..c0254b5ec 100644
--- a/etc/profile-a-l/gucharmap.profile
+++ b/etc/profile-a-l/gucharmap.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-common.inc
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile
index dee0ba9a2..ec83a2d9f 100644
--- a/etc/profile-a-l/gwenview.profile
+++ b/etc/profile-a-l/gwenview.profile
@@ -23,6 +23,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile
index 7723cbd6b..4c8911a06 100644
--- a/etc/profile-a-l/hexchat.profile
+++ b/etc/profile-a-l/hexchat.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/hexchat
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile
index 8d2987b62..0761aa2fc 100644
--- a/etc/profile-a-l/highlight.profile
+++ b/etc/profile-a-l/highlight.profile
@@ -14,6 +14,7 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 caps.drop all
 net none
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile
index f8d9f999d..e03b68128 100644
--- a/etc/profile-a-l/hugin.profile
+++ b/etc/profile-a-l/hugin.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile
index 1e3663b8f..f2cb25edf 100644
--- a/etc/profile-a-l/hyperrogue.profile
+++ b/etc/profile-a-l/hyperrogue.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/hyperrogue.ini
diff --git a/etc/profile-a-l/iagno.profile b/etc/profile-a-l/iagno.profile
index a99c603bd..42fc7d449 100644
--- a/etc/profile-a-l/iagno.profile
+++ b/etc/profile-a-l/iagno.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile
index 6f94777aa..683ee08bd 100644
--- a/etc/profile-a-l/kcalc.profile
+++ b/etc/profile-a-l/kcalc.profile
@@ -13,6 +13,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkfile ${HOME}/.config/kcalcrc
 mkfile ${HOME}/.kde/share/config/kcalcrc
diff --git a/etc/profile-a-l/kdeinit4.profile b/etc/profile-a-l/kdeinit4.profile
index 082045c62..f7235ea84 100644
--- a/etc/profile-a-l/kdeinit4.profile
+++ b/etc/profile-a-l/kdeinit4.profile
@@ -13,6 +13,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index 9458edf33..d1893e412 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -20,6 +20,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/keepassxc
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile
index dd3e9617f..e73ea0dd5 100644
--- a/etc/profile-a-l/konversation.profile
+++ b/etc/profile-a-l/konversation.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile
index 2eb46a7e8..1919d73bc 100644
--- a/etc/profile-a-l/ktorrent.profile
+++ b/etc/profile-a-l/ktorrent.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkdir ${HOME}/.kde/share/apps/ktorrent
 mkdir ${HOME}/.kde4/share/apps/ktorrent
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile
index b23b23730..8d8bcdd7d 100644
--- a/etc/profile-a-l/ktouch.profile
+++ b/etc/profile-a-l/ktouch.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.config/ktouch2rc
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile
index d512dd100..316a93d30 100644
--- a/etc/profile-a-l/kwin_x11.profile
+++ b/etc/profile-a-l/kwin_x11.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile
index a71e3bfb9..7d39e89ad 100644
--- a/etc/profile-a-l/kwrite.profile
+++ b/etc/profile-a-l/kwrite.profile
@@ -21,6 +21,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile
index c456541aa..eb23b200b 100644
--- a/etc/profile-a-l/leafpad.profile
+++ b/etc/profile-a-l/leafpad.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile
index 624d4a8bd..91bd12d0d 100644
--- a/etc/profile-a-l/lincity-ng.profile
+++ b/etc/profile-a-l/lincity-ng.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.lincity-ng
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile
index 26157b942..cd8f0e529 100644
--- a/etc/profile-a-l/lugaru.profile
+++ b/etc/profile-a-l/lugaru.profile
@@ -17,6 +17,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/lugaru