Profile fixes

- disable-programs.inc: blacklist ${HOME}/.local/state/pipewire
  If you did not yet noticed, on 08th May 2021 the XDG Base Directory
  Specification 0.8 was resleased (the first update since 2010). New are
  $XDG_STATE_HOME and $HOME/.local/bin.
- keepassxc: mkdirs are necessary
- gnote: harden
- pngquant: harden

4 files changed, 10 insertions, 3 deletions

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 9de781fb5..444446156 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -794,6 +794,7 @@ blacklist ${HOME}/.local/share/wormux
 blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/xreader
 blacklist ${HOME}/.local/share/zathura
+blacklist ${HOME}/.local/state/pipewire
 blacklist ${HOME}/.lv2
 blacklist ${HOME}/.lyx
 blacklist ${HOME}/.magicor
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile
index b419a6231..2d4ce2437 100644
--- a/etc/profile-a-l/gnote.profile
+++ b/etc/profile-a-l/gnote.profile
@@ -21,6 +21,7 @@ mkdir ${HOME}/.config/gnote
 mkdir ${HOME}/.local/share/gnote
 whitelist ${HOME}/.config/gnote
 whitelist ${HOME}/.local/share/gnote
+whitelist /usr/libexec/webkit2gtk-4.0
 whitelist /usr/share/gnote
 include whitelist-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index a67ea8d67..b915f6202 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -37,16 +37,22 @@ include disable-xdg.inc
 #mkdir ${HOME}/Documents/KeePassXC
 #whitelist ${HOME}/Documents/KeePassXC
 # Needed for KeePassXC-Browser.
+#mkdir ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts
 #mkfile ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
 #whitelist ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
+#mkdir ${HOME}/.config/chromium/NativeMessagingHosts
 #mkfile ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
 #whitelist ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
+#mkdir ${HOME}/.config/google-chrome/NativeMessagingHosts
 #mkfile ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
 #whitelist ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
+#mkdir ${HOME}/.config/vivaldi/NativeMessagingHosts
 #mkfile ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
 #whitelist ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
+#mkdir ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts
 #mkfile ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
 #whitelist ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
+#mkdir ${HOME}/.mozilla/native-messaging-hosts
 #mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
 #whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
 #mkdir ${HOME}/.cache/keepassxc
diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile
index 275496496..0b3d2b44c 100644
--- a/etc/profile-m-z/pngquant.profile
+++ b/etc/profile-m-z/pngquant.profile
@@ -38,9 +38,8 @@ nosound
 notv
 nou2f
 novideo
-# protocol can be empty, but this is not yet supported see #639
-protocol inet
-seccomp
+# block the socket syscall to simulate an be empty protocol line, see #639
+seccomp socket
 shell none
 tracelog
 x11 none