disable-common: Protect caff's files

Caff (CA fire & forget) is a popular GnuPG helper for keysigning safely.
author: The Fox in the Shell <KellerFuchs@hashbang.sh> 2016-06-18 17:38:01 +0200
committer: The Fox in the Shell <KellerFuchs@hashbang.sh> 2016-06-18 17:40:08 +0200
commit: 0065456d6d6043206367ad56440943071ed25b69 (patch)
tree: bdb4a0a88c6e8c463a6972ee272a71d12d2cbb71 /etc
parent: disable-common: Make ~/.profile read-only (diff)
download: firejail-0065456d6d6043206367ad56440943071ed25b69.tar.gz
firejail-0065456d6d6043206367ad56440943071ed25b69.tar.zst
firejail-0065456d6d6043206367ad56440943071ed25b69.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index aebf099af..c857ff439 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -77,6 +77,7 @@ read-only ${HOME}/.csh_files
 read-only ${HOME}/.profile
 # Initialization files that allow arbitrary command execution
+read-only ${HOME}/.caffrc
 read-only ${HOME}/.mailcap
 read-only ${HOME}/.exrc
 read-only ${HOME}/_exrc
@@ -105,6 +106,7 @@ blacklist ${HOME}/.kde/share/apps/kwallet
 blacklist ${HOME}/.local/share/kwalletd
 blacklist ${HOME}/.netrc
 blacklist ${HOME}/.gnupg
+blacklist ${HOME}/.caff
 blacklist ${HOME}/*.kdbx
 blacklist ${HOME}/*.kdb
 blacklist ${HOME}/*.key
author	The Fox in the Shell <KellerFuchs@hashbang.sh>	2016-06-18 17:38:01 +0200
committer	The Fox in the Shell <KellerFuchs@hashbang.sh>	2016-06-18 17:40:08 +0200
commit	0065456d6d6043206367ad56440943071ed25b69 (patch)
tree	bdb4a0a88c6e8c463a6972ee272a71d12d2cbb71 /etc
parent	disable-common: Make ~/.profile read-only (diff)
download	firejail-0065456d6d6043206367ad56440943071ed25b69.tar.gz firejail-0065456d6d6043206367ad56440943071ed25b69.tar.zst firejail-0065456d6d6043206367ad56440943071ed25b69.zip