diff options
| author |  SYN-cook <syncookongit@gmail.com> | 2017-03-31 05:06:50 +0200 |
|---|---|---|
| committer |  Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-03-31 03:06:50 +0000 |
| commit | 81c50814dd5a9a2e8aa5100bb7305649fa5b698f (patch) | |
| tree | 483250f6b9df8d6ea46804e4d0f857c3f46cd611 /etc | |
| parent | typo (diff) | |
| download | firejail-81c50814dd5a9a2e8aa5100bb7305649fa5b698f.tar.gz firejail-81c50814dd5a9a2e8aa5100bb7305649fa5b698f.tar.zst firejail-81c50814dd5a9a2e8aa5100bb7305649fa5b698f.zip | |
restrict more KDE files (#1181)
* update noblacklist
* blacklist local plasma overrides, plasmoids
* add more KDE configuration (kdeglobals, plasmoids)
* kdeglobals now in disable-common.inc
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/disable-common.inc | 13 | ||||
| -rw-r--r-- | etc/gwenview.profile | 2 | ||||
| -rw-r--r-- | etc/okular.profile | 2 |
3 files changed, 13 insertions, 4 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 45541906a..0ada3314f 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -45,24 +45,33 @@ blacklist ${HOME}/.fluxbox/startup | |||
| 45 | # blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs | 45 | # blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs |
| 46 | 46 | ||
| 47 | # KDE config | 47 | # KDE config |
| 48 | blacklist ${HOME}/.kde4/share/apps/solid | ||
| 49 | blacklist ${HOME}/.kde4/share/apps/konsole | 48 | blacklist ${HOME}/.kde4/share/apps/konsole |
| 49 | blacklist ${HOME}/.kde4/share/apps/plasma | ||
| 50 | blacklist ${HOME}/.kde4/share/apps/solid | ||
| 50 | blacklist ${HOME}/.kde4/share/config/*.notifyrc | 51 | blacklist ${HOME}/.kde4/share/config/*.notifyrc |
| 52 | read-only ${HOME}/.kde4/share/config/kdeglobals | ||
| 51 | blacklist ${HOME}/.kde4/share/config/khotkeysrc | 53 | blacklist ${HOME}/.kde4/share/config/khotkeysrc |
| 52 | blacklist ${HOME}/.kde4/share/config/krunnerrc | 54 | blacklist ${HOME}/.kde4/share/config/krunnerrc |
| 55 | blacklist ${HOME}/.kde4/share/config/plasma-desktop-appletsrc | ||
| 53 | blacklist ${HOME}/.kde4/share/kde4/services | 56 | blacklist ${HOME}/.kde4/share/kde4/services |
| 54 | blacklist ${HOME}/.kde/share/apps/solid | ||
| 55 | blacklist ${HOME}/.kde/share/apps/konsole | 57 | blacklist ${HOME}/.kde/share/apps/konsole |
| 58 | blacklist ${HOME}/.kde/share/apps/plasma | ||
| 59 | blacklist ${HOME}/.kde/share/apps/solid | ||
| 56 | blacklist ${HOME}/.kde/share/config/*.notifyrc | 60 | blacklist ${HOME}/.kde/share/config/*.notifyrc |
| 61 | read-only ${HOME}/.kde/share/config/kdeglobals | ||
| 57 | blacklist ${HOME}/.kde/share/config/khotkeysrc | 62 | blacklist ${HOME}/.kde/share/config/khotkeysrc |
| 58 | blacklist ${HOME}/.kde/share/config/krunnerrc | 63 | blacklist ${HOME}/.kde/share/config/krunnerrc |
| 64 | blacklist ${HOME}/.kde/share/config/plasma-desktop-appletsrc | ||
| 59 | blacklist ${HOME}/.kde/share/kde4/services | 65 | blacklist ${HOME}/.kde/share/kde4/services |
| 60 | blacklist ${HOME}/.config/*.notifyrc | 66 | blacklist ${HOME}/.config/*.notifyrc |
| 67 | read-only ${HOME}/.config/kdeglobals | ||
| 61 | blacklist ${HOME}/.config/khotkeysrc | 68 | blacklist ${HOME}/.config/khotkeysrc |
| 62 | blacklist ${HOME}/.config/krunnerrc | 69 | blacklist ${HOME}/.config/krunnerrc |
| 70 | blacklist ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc | ||
| 63 | blacklist ${HOME}/.local/share/kglobalaccel | 71 | blacklist ${HOME}/.local/share/kglobalaccel |
| 64 | blacklist ${HOME}/.local/share/konsole | 72 | blacklist ${HOME}/.local/share/konsole |
| 65 | blacklist ${HOME}/.local/share/kservices5 | 73 | blacklist ${HOME}/.local/share/kservices5 |
| 74 | blacklist ${HOME}/.local/share/plasma | ||
| 66 | blacklist ${HOME}/.local/share/solid | 75 | blacklist ${HOME}/.local/share/solid |
| 67 | 76 | ||
| 68 | # VirtualBox | 77 | # VirtualBox |
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index b8067866c..35e39a3ce 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
| @@ -3,6 +3,8 @@ | |||
| 3 | include /etc/firejail/gwenview.local | 3 | include /etc/firejail/gwenview.local |
| 4 | 4 | ||
| 5 | # KDE gwenview profile | 5 | # KDE gwenview profile |
| 6 | noblacklist ~/.kde4/share/apps/gwenview | ||
| 7 | noblacklist ~/.kde4/share/config/gwenviewrc | ||
| 6 | noblacklist ~/.kde/share/apps/gwenview | 8 | noblacklist ~/.kde/share/apps/gwenview |
| 7 | noblacklist ~/.kde/share/config/gwenviewrc | 9 | noblacklist ~/.kde/share/config/gwenviewrc |
| 8 | noblacklist ~/.config/gwenviewrc | 10 | noblacklist ~/.config/gwenviewrc |
diff --git a/etc/okular.profile b/etc/okular.profile index 07819068e..b4ee3ad32 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
| @@ -6,11 +6,9 @@ include /etc/firejail/okular.local | |||
| 6 | noblacklist ~/.kde4/share/apps/okular | 6 | noblacklist ~/.kde4/share/apps/okular |
| 7 | noblacklist ~/.kde4/share/config/okularrc | 7 | noblacklist ~/.kde4/share/config/okularrc |
| 8 | noblacklist ~/.kde4/share/config/okularpartrc | 8 | noblacklist ~/.kde4/share/config/okularpartrc |
| 9 | read-only ~/.kde4/share/config/kdeglobals | ||
| 10 | noblacklist ~/.kde/share/apps/okular | 9 | noblacklist ~/.kde/share/apps/okular |
| 11 | noblacklist ~/.kde/share/config/okularrc | 10 | noblacklist ~/.kde/share/config/okularrc |
| 12 | noblacklist ~/.kde/share/config/okularpartrc | 11 | noblacklist ~/.kde/share/config/okularpartrc |
| 13 | read-only ~/.kde/share/config/kdeglobals | ||
| 14 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 15 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 16 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |