Blacklist .local/share/kxmlgui5 and allow access only for applications which use it. (#3493)

* blacklist .local/share/kxmlgui5 KDE programs use this to store their toolbar config. * noblacklist .local/share/kxmlgui5 in the relevant KDE applications. * Whitelist kxmlgui file for okular. * Use a glob to blacklist subfolders instead of the parent folder. noblacklisting individual subdirectories works only if we do it this way (tested by launching bash in the kate profile). * Make directory, not file. * noblacklist relevant subdirs for more KDE applications
author: Kishore96in <kishore96@gmail.com> 2020-07-16 12:53:10 +0530
committer: GitHub <noreply@github.com> 2020-07-16 07:23:10 +0000
commit: 319f2dc8d65fe0264e4eb6006aab024751bb5bd4 (patch)
tree: c89ff5a1ff396550d1c7e2398d1b6e17fcbe2ff6 /etc/profile-a-l
parent: fix keepassxc (diff)
download: firejail-319f2dc8d65fe0264e4eb6006aab024751bb5bd4.tar.gz
firejail-319f2dc8d65fe0264e4eb6006aab024751bb5bd4.tar.zst
firejail-319f2dc8d65fe0264e4eb6006aab024751bb5bd4.zip
22 files changed, 42 insertions, 0 deletions
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile
index 377c43804..6a4d775e7 100644
--- a/etc/profile-a-l/akregator.profile
+++ b/etc/profile-a-l/akregator.profile
@@ -8,6 +8,7 @@ include globals.local
 noblacklist ${HOME}/.config/akregatorrc
 noblacklist ${HOME}/.local/share/akregator
+noblacklist ${HOME}/.local/share/kxmlgui5/akregator
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +20,11 @@ include disable-shell.inc
 mkfile ${HOME}/.config/akregatorrc
 mkdir ${HOME}/.local/share/akregator
+mkdir ${HOME}/.local/share/kxmlgui5/akregator
 whitelist ${HOME}/.config/akregatorrc
 whitelist ${HOME}/.local/share/akregator
 whitelist ${HOME}/.local/share/kssl
+whitelist ${HOME}/.local/share/kxmlgui5/akregator
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile
index 01004d772..4b81b2717 100644
--- a/etc/profile-a-l/ark.profile
+++ b/etc/profile-a-l/ark.profile
@@ -7,6 +7,7 @@ include ark.local
 include globals.local
 noblacklist ${HOME}/.config/arkrc
+noblacklist ${HOME}/.local/share/kxmlgui5/ark
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile
index 489036e39..f4ce47018 100644
--- a/etc/profile-a-l/calligra.profile
+++ b/etc/profile-a-l/calligra.profile
@@ -6,6 +6,8 @@ include calligra.local
 # Persistent global definitions
 include globals.local
+noblacklist ${HOME}/.local/share/kxmlgui5/calligra
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile
index 7804a3b97..23dd61175 100644
--- a/etc/profile-a-l/calligraplan.profile
+++ b/etc/profile-a-l/calligraplan.profile
@@ -1,5 +1,7 @@
 # Firejail profile alias for calligra
 # This file is overwritten after every install/update
+noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile
index 7804a3b97..1c283a3cb 100644
--- a/etc/profile-a-l/calligraplanwork.profile
+++ b/etc/profile-a-l/calligraplanwork.profile
@@ -1,5 +1,7 @@
 # Firejail profile alias for calligra
 # This file is overwritten after every install/update
+noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile
index 7804a3b97..8ef75be71 100644
--- a/etc/profile-a-l/calligrasheets.profile
+++ b/etc/profile-a-l/calligrasheets.profile
@@ -1,5 +1,7 @@
 # Firejail profile alias for calligra
 # This file is overwritten after every install/update
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile
index 7804a3b97..d5c960248 100644
--- a/etc/profile-a-l/calligrastage.profile
+++ b/etc/profile-a-l/calligrastage.profile
@@ -1,5 +1,7 @@
 # Firejail profile alias for calligra
 # This file is overwritten after every install/update
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile
index 7804a3b97..5985b4250 100644
--- a/etc/profile-a-l/calligrawords.profile
+++ b/etc/profile-a-l/calligrawords.profile
@@ -1,5 +1,7 @@
 # Firejail profile alias for calligra
 # This file is overwritten after every install/update
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile
index ec83a2d9f..efdc56e38 100644
--- a/etc/profile-a-l/gwenview.profile
+++ b/etc/profile-a-l/gwenview.profile
@@ -15,6 +15,7 @@ noblacklist ${HOME}/.kde/share/config/gwenviewrc
 noblacklist ${HOME}/.kde4/share/apps/gwenview
 noblacklist ${HOME}/.kde4/share/config/gwenviewrc
 noblacklist ${HOME}/.local/share/gwenview
+noblacklist ${HOME}/.local/share/kxmlgui5/gwenview
 noblacklist ${HOME}/.local/share/org.kde.gwenview
 include disable-common.inc
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile
index 0c1da7ae1..86292744c 100644
--- a/etc/profile-a-l/k3b.profile
+++ b/etc/profile-a-l/k3b.profile
@@ -9,6 +9,7 @@ include globals.local
 noblacklist ${HOME}/.config/k3brc
 noblacklist ${HOME}/.kde/share/config/k3brc
 noblacklist ${HOME}/.kde4/share/config/k3brc
+noblacklist ${HOME}/.local/share/kxmlgui5/k3b
 noblacklist ${MUSIC}
 include disable-common.inc
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile
index 3b2e93b0a..d54d6d3d0 100644
--- a/etc/profile-a-l/karbon.profile
+++ b/etc/profile-a-l/karbon.profile
@@ -1,5 +1,7 @@
 # Firejail profile alias for krita
 # This file is overwritten after every install/update
+noblacklist ${HOME}/.local/share/kxmlgui5/karbon
 # Redirect
 include krita.profile
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile
index 321c4558f..37605dfa9 100644
--- a/etc/profile-a-l/kate.profile
+++ b/etc/profile-a-l/kate.profile
@@ -15,6 +15,13 @@ noblacklist ${HOME}/.config/kateschemarc
 noblacklist ${HOME}/.config/katesyntaxhighlightingrc
 noblacklist ${HOME}/.config/katevirc
 noblacklist ${HOME}/.local/share/kate
+noblacklist ${HOME}/.local/share/kxmlgui5/kate
+noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree
+noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole
+noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
+noblacklist ${HOME}/.local/share/kxmlgui5/katepart
+noblacklist ${HOME}/.local/share/kxmlgui5/kateproject
+noblacklist ${HOME}/.local/share/kxmlgui5/katesearch
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile
index 683ee08bd..fa82e76f3 100644
--- a/etc/profile-a-l/kcalc.profile
+++ b/etc/profile-a-l/kcalc.profile
@@ -6,6 +6,7 @@ include kcalc.local
 # Persistent global definitions
 include globals.local
+noblacklist ${HOME}/.local/share/kxmlgui5/kcalc
 include disable-common.inc
 include disable-devel.inc
@@ -15,12 +16,14 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
+mkdir ${HOME}/.local/share/kxmlgui5/kcalc
 mkfile ${HOME}/.config/kcalcrc
 mkfile ${HOME}/.kde/share/config/kcalcrc
 mkfile ${HOME}/.kde4/share/config/kcalcrc
 whitelist ${HOME}/.config/kcalcrc
 whitelist ${HOME}/.kde/share/config/kcalcrc
 whitelist ${HOME}/.kde4/share/config/kcalcrc
+whitelist ${HOME}/.local/share/kxmlgui5/kcalc
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile
index e3560cb35..9ca33b68e 100644
--- a/etc/profile-a-l/kdenlive.profile
+++ b/etc/profile-a-l/kdenlive.profile
@@ -11,6 +11,7 @@ ignore noexec ${HOME}
 noblacklist ${HOME}/.cache/kdenlive
 noblacklist ${HOME}/.config/kdenliverc
 noblacklist ${HOME}/.local/share/kdenlive
+noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile
index 485edc1a4..5990d0752 100644
--- a/etc/profile-a-l/kget.profile
+++ b/etc/profile-a-l/kget.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.kde/share/config/kgetrc
 noblacklist ${HOME}/.kde4/share/apps/kget
 noblacklist ${HOME}/.kde4/share/config/kgetrc
 noblacklist ${HOME}/.local/share/kget
+noblacklist ${HOME}/.local/share/kxmlgui5/kget
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile
index cce92a93f..aa2e0ad1e 100644
--- a/etc/profile-a-l/kid3.profile
+++ b/etc/profile-a-l/kid3.profile
@@ -8,6 +8,7 @@ include globals.local
 noblacklist ${MUSIC}
 noblacklist ${HOME}/.config/kid3rc
+noblacklist ${HOME}/.local/share/kxmlgui5/kid3
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
index 198b05a11..ab4ff10b9 100644
--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -25,6 +25,8 @@ noblacklist ${HOME}/.local/share/apps/korganizer
 noblacklist ${HOME}/.local/share/contacts
 noblacklist ${HOME}/.local/share/emailidentities
 noblacklist ${HOME}/.local/share/kmail2
+noblacklist ${HOME}/.local/share/kxmlgui5/kmail
+noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
 noblacklist ${HOME}/.local/share/local-mail
 noblacklist ${HOME}/.local/share/notes
 noblacklist /tmp/akonadi-*
diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile
index ababfcdb1..f155d0ad6 100644
--- a/etc/profile-a-l/knotes.profile
+++ b/etc/profile-a-l/knotes.profile
@@ -12,6 +12,7 @@ include knotes.local
 noblacklist ${HOME}/.config/knotesrc
 noblacklist ${HOME}/.local/share/knotes
+noblacklist ${HOME}/.local/share/kxmlgui5/knotes
 # Redirect
 include kmail.profile
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile
index 4e17f590c..4dd929c6b 100644
--- a/etc/profile-a-l/konversation.profile
+++ b/etc/profile-a-l/konversation.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/konversationrc
 noblacklist ${HOME}/.config/konversation.notifyrc
 noblacklist ${HOME}/.kde/share/config/konversationrc
 noblacklist ${HOME}/.kde4/share/config/konversationrc
+noblacklist ${HOME}/.local/share/kxmlgui5/konversation
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile
index e0bdce059..a5269373d 100644
--- a/etc/profile-a-l/kopete.profile
+++ b/etc/profile-a-l/kopete.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.kde/share/apps/kopete
 noblacklist ${HOME}/.kde/share/config/kopeterc
 noblacklist ${HOME}/.kde4/share/apps/kopete
 noblacklist ${HOME}/.kde4/share/config/kopeterc
+noblacklist ${HOME}/.local/share/kxmlgui5/kopete
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile
index 1919d73bc..b55e00f22 100644
--- a/etc/profile-a-l/ktorrent.profile
+++ b/etc/profile-a-l/ktorrent.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.kde/share/config/ktorrentrc
 noblacklist ${HOME}/.kde4/share/apps/ktorrent
 noblacklist ${HOME}/.kde4/share/config/ktorrentrc
 noblacklist ${HOME}/.local/share/ktorrent
+noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent
 include disable-common.inc
 include disable-devel.inc
@@ -24,6 +25,7 @@ include disable-shell.inc
 mkdir ${HOME}/.kde/share/apps/ktorrent
 mkdir ${HOME}/.kde4/share/apps/ktorrent
 mkdir ${HOME}/.local/share/ktorrent
+mkdir ${HOME}/.local/share/kxmlgui5/ktorrent
 mkfile ${HOME}/.config/ktorrentrc
 mkfile ${HOME}/.kde/share/config/ktorrentrc
 mkfile ${HOME}/.kde4/share/config/ktorrentrc
@@ -34,6 +36,7 @@ whitelist ${HOME}/.kde/share/config/ktorrentrc
 whitelist ${HOME}/.kde4/share/apps/ktorrent
 whitelist ${HOME}/.kde4/share/config/ktorrentrc
 whitelist ${HOME}/.local/share/ktorrent
+whitelist ${HOME}/.local/share/kxmlgui5/ktorrent
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile
index 7d39e89ad..4ff8efa70 100644
--- a/etc/profile-a-l/kwrite.profile
+++ b/etc/profile-a-l/kwrite.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.config/katesyntaxhighlightingrc
 noblacklist ${HOME}/.config/katevirc
 noblacklist ${HOME}/.config/kwriterc
 noblacklist ${HOME}/.local/share/kwrite
+noblacklist ${HOME}/.local/share/kxmlgui5/kwrite
 noblacklist ${DOCUMENTS}
 include disable-common.inc
author	Kishore96in <kishore96@gmail.com>	2020-07-16 12:53:10 +0530
committer	GitHub <noreply@github.com>	2020-07-16 07:23:10 +0000
commit	319f2dc8d65fe0264e4eb6006aab024751bb5bd4 (patch)
tree	c89ff5a1ff396550d1c7e2398d1b6e17fcbe2ff6 /etc/profile-a-l
parent	fix keepassxc (diff)
download	firejail-319f2dc8d65fe0264e4eb6006aab024751bb5bd4.tar.gz firejail-319f2dc8d65fe0264e4eb6006aab024751bb5bd4.tar.zst firejail-319f2dc8d65fe0264e4eb6006aab024751bb5bd4.zip